When you are somewhere a bit more then a begginer, it feels like it yea xd
#koth
vapid condor
steep agate
but for a beginner it makes their life complicated on koth
vapid condor
really? I fixed every vulnerability in linpease that I saw on one machine, and PwnKit still worked well.. still have a lot to learn hahah
hallow mortar
Maybe that could be a way to improve koth - have different leagues for different skill levels?
steep agate
really? I fixed every vulnerability in linpease that I saw on one machine, and P...
did you remove suid from pkexec?
vapid condor
Cant remember specific thing..
Maybe
i removed all yellow colored stuff in linpease
steep agate
remembering that the only binary you can remove is chattr
vapid condor
what is event meant by this?
like you cannot remove for example chmod, or wget or whatever
only thing from /usr/bin that you can remove is chattr?
steep agate
only thing from /usr/bin that you can remove is *chattr*?
ya
this is in the rules of koth, there in the lobby
vapid condor
oh yea, then everything is still good
you can chmod it out of SUID
and things like chmod 000 king.txt is forbidden, or not?
steep agate
you can chmod the king.txt at will
vapid condor
Never really understood this part in rules
Mhmm.. okey
Well I am going to sleep now, its 1:30 AM here 
Thank you guys for tips and chat! Have a great day!
||or night||
steep agate
Well I am going to sleep now, its 1:30 AM here <:cursed:761332900217487380>
it's 9pm here haha
steep agate
Thank you guys for tips and chat! Have a great day!
๐
fossil pecan
32! Haha, but ya getting old ๐ด
steep agate
32! Haha, but ya getting old ๐ด
hahahaha, in 5 months I'll be 18
stiff egret
One of these days I'll write all of the secrets to KoTH in a GitHub repo and public it.
Will make this fight boring as hell
But atleast it'll be less frustrating for newer players.
steep agate
One of these days I'll write all of the secrets to KoTH in a GitHub repo and pub...
๐ณ
vapid condor
Even tho I am the new player in KoTH, and on one hand I would like to know the secrets..
On the other hand, KoTH is both fun and educational because of the challange, I learned SO much in last few days thanks to KoTH, it forces new players to make a research on every single thing, which will teach them a lot in process..
No one will win their first several matches, but thats expected
Of course I can not tell you what to do, but I think it will kill KoTH completly..
Dont know how others would agree with me, but I think it would make new players not to have to learn anything, just be a script kiddie and take everything from one github repo, without really understanding it or having any other research
steady basin
How do you remove the "i" immutable attribute without chattr
nova tide
How do you remove the "i" immutable attribute without chattr
chattr -i king.txt would help ๐
some people tend to remove/rename the chattr binary so you can always upload your own static binary.
without chattr you can use c code.
fossil pecan
How do you remove the "i" immutable attribute without chattr
chattr is the primary binary/mechanism to control these attributes, you can bring your own (static bin, busybox, etc) even build your own simple chattr from source (see comment from @steep agate #koth message)
ultimately, chattr is just using some functionality from ioctl to set flags (some people have custom ioctl calls setup in their own tools)
https://man7.org/linux/man-pages/man2/ioctl.2.html
ah @nova tide beat me to response ๐
nova tide
ah <@267010557889085440> beat me to response ๐
I just read till the "remove i" then noticed they are asking for an alternative. ๐
steep agate
I'm going to do an ultimate tricks for windows machines in koth later
naive goblet
I'm going to do an ultimate tricks for windows machines in koth later
looking forward to seeing that
steep agate
I don't think it pays to use rootkit on windows as much as it pays to use it on linux in koth
defense tricks is enough, and persistence also in windows
harsh obsidian
@alpine quarry is this box acting funny for you also?
tiny grotto
this doesn't include changing SUID bits I assume right
proven garnet
executable permissions
midnight dome
Any idea for defence in koth
steep agate
Any idea for defence in koth
path to root, king, web, what exactly?
swift laurel
What happen to the game ?? Theres was 6 of us and when it started theres only 2 of us ?
midnight dome
path to root, king, web, what exactly?
If im the king how can i defend itโฆ Iโm new to koth
fossil pecan
So ... I bought a domain and deployed a lil koth app today ๐ฅณ
nova tide
So ... I bought a domain and deployed a lil koth app today ๐ฅณ
https://koth.gur...
That looks cool
fossil pecan
still need to finish scheduled jobs to keep database updated, but working pretty well from scraping public game json data as seeded fixtures ๐
i have a bunch of filter options already for games & players, api is public (for now at least haha) here: https://koth.rest/api
just need to figure out building UI/UX for more search options/etc
stiff egret
So ... I bought a domain and deployed a lil koth app today ๐ฅณ
https://koth.gur...
This should be getting CF-ed
fossil pecan
This should be getting CF-ed
? CF-ed?
fair adder
F11snipe has my IP now ๐
stiff egret
https://github.com/holmes-py/KoTH-counter this used to work back in the time when THM was not scraping sensitive
stiff egret
it's "cloud armored" ๐
Yeah, Interesting really, though I imagine initial scrap must've taken time, after than the pings can be slow enough to not trigger the fw.
Since the games are 1 hr long, even if you hit it every 10 minutes, fw won't get active, and the site lives.
Nice.
fossil pecan
wasn't that hard actually
~20 lines of bash
got all 50k games in a couple hours ish i think, then i crunch them all down as fixtures for django ... gonna have it just hourly update moving forward
for i in $(seq $min $max); do
game="https://tryhackme.com/games/koth/data/$i"
json=$out/$i.json
cyan "Check game #$i ($game -> $json)"
curl -sL $game -o $json
cat $json | grep -E '^{' > /dev/null 2>&1
if [ $? -ne 0 ]; then
yellow "WARNING: Invalid JSON detected for #$i ($json)"
exit 1
fi
if [ $((i % 100)) -eq 0 ]; then
sleep 10
elif [ $((i % 50)) -eq 0 ]; then
sleep 5
elif [ $((i % 10)) -eq 0 ]; then
sleep 1
fi
done
the mod sleeps was the secret sauce ๐
fair adder
```
for i in $(seq $min $max); do
game="https://tryhackme.com/games/koth/data/...
and this was the code to gather all games?
fossil pecan
https://github.com/holmes-py/KoTH-counter this used to work back in the time whe...
haha ya i have been trying to skew metrics on tie games ... my generator shows counts
Processed: 62762 entries | 43995 games | 23334 users | 16 boxes
Metrics { kings: 25094, ties: { two: 285, three: 7, four: 0, snipe: 230 } }
Finished
230/292 ties with me ๐
i was also able to find the game where you did get to meet my kingswitch haha ๐
https://tryhackme.com/games/koth/48824
fossil pecan
and this was the code to gather all games?
ya the games are all publicly available, that just slowly crawls with curl and sleeps to slow down and not get rate limited
fair adder
ya the games are all publicly available, that just slowly crawls with `curl` and...
No way ! that is awesome mate!!!!
truly love this
fossil pecan
thanks!
stiff egret
haha ya i have been trying to skew metrics on tie games ... my generator shows c...
it was complicated, and I honestly don't remember, but I think I was able to figure out some logic to distribute ties and dead games - where game is counted for but everyone leaves, or the machine doesn't start - etc, but again, that was 2 yrs ago.
stiff egret
This was before koth official leaderboards, so Naughty and I had our own
fossil pecan
โค๏ธ bash
i wanna do more videos on bash too, lmk if you have any questions/subject ideas
i know way too much about bash lol
fair adder
i wanna do more videos on bash too, lmk if you have any questions/subject ideas
oh absolutely!!!
have a ton! gonna learn the basis so i know what the f i'm asking you ๐
fossil pecan
This was before koth official leaderboards, so Naughty and I had our own
checkout the available filters on games ... just need to build the UI/UX for it haha
https://koth.rest/api/games/
anyways, been a fun side project! API is using python/django, and the frontend is ReactNative (aiming for mobile builds eventually) ... pls DM me if anyone is interested in contributing ๐
fossil pecan
checkout the available filters on games ... just need to build the UI/UX for it ...
lol just tried actually using those filters in the auto generated gui ... don't actually work, but they do if constructed properly
fair adder
Right now I'm finishing up Sec + and SOC Level 1 path. Then focusing on the Linux + TCM course and doing koth. Taken a break from koth currently
swift laurel
So ... I bought a domain and deployed a lil koth app today ๐ฅณ
https://koth.gur...
Thats actually very cool !!
fossil pecan
Thats actually very cool !!
broken pilot
+rep @fossil pecan
sour vectorBOT
Gave +1 Rep to @fossil pecan
fossil pecan
Some more minor bug fixes & updates already! (added some sort filter options, working on more search filters soon!)
short tusk
Some more minor bug fixes & updates already! (added some sort filter options, wo...
Are you using the TryHackMe API by any chance?
fossil pecan
ya i think so, just loaded public game json data from /games/koth/data/$GAME_ID
flint jacinth
wintry gust
Some more minor bug fixes & updates already! (added some sort filter options, wo...
King ๐ซก
Anyone wants to play a friendly Koth game? easy H1 linux
wintry gust
Wow no one really wanted to play Koth since yesterday
fossil pecan
Too much new years partying ๐
fossil pecan
Wow no one really wanted to play Koth since yesterday
I can join or host another soon if you wanna play ๐
wintry gust
I can join or host another soon if you wanna play ๐
I can't open my vpn
also i lost electricity for now
i'm using my phone as the internet
wintry gust
I can join or host another soon if you wanna play ๐
When my electricity comes back i will let u know, i just wish the Vpn works
wintry gust
Lemme check my VPN
wintry gust
hi
u still wanna do Koth?
I didn't solve my vpn problem but i got another way to connect
terse mica
u still wanna do Koth?
yes
terse mica
ok Create a game and send me the link
can you please do it for me
wintry gust
can you please do it for me
yeah sure
wintry gust
can you please do it for me
i will choose the easy linux H1 ok?
terse mica
i will choose the easy linux H1 ok?
yes choose easy cause its my first game
terse mica
https://tryhackme.com/games/koth/join/60bf0746ee4eb5a3d0a51913
added right?
wintry gust
added right?
starts in 3 mins
terse mica
starts in 3 mins
ah so excited ๐
wintry gust
ah so excited ๐
yep same here
wintry gust
ah so excited ๐
wanna join Vc?
terse mica
wanna join Vc?
nope can't no mic
wintry gust
oh ok
wintry gust
nope can't no mic
good luck !
terse mica
good luck !
lets goo
wintry gust
i can't find something useful inside the machine
terse mica
i am new
wintry gust
sorry i see workthrough
Lmao
wintry gust
i can't believe
wintry gust
wait i can't see any output from my shell
wintry gust
how many flag have easy linux H1
idk , this is my first time getting root and i never watched walkthrough for this
it's also my first try to get a shell in this one xD
i need to know what's the tty cause it's preventing me from executing commands
wintry gust
<:TryFlagMe:907785134059700335>
it was nice to play with u 
๐
terse mica
idk , this is my first time getting root and i never watched walkthrough for thi...
nice you best
tiny grotto
i want to try koth on here but i also don't want to commit to an entire hour of koth ๐ถ
broken pilot
i want to try koth on here but i also don't want to commit to an entire hour of ...
20 mins
tiny grotto
i thought it was longer
guess i have to try it now
(well, not right this second, but in general --- i'm busy rn lmao)
tiny grotto
oh so it is an hr
yeah that's a day time commitment
i'm not prepared to do that at night ๐
broken pilot
yea unless you get in and lock it down... then game is as long as you want to make it lol
wintry gust
yea unless you get in and lock it down... then game is as long as you want to ma...
What
How can u lock it down lol
stiff egret
Patch everything.
wintry gust
Patch everything.
damn
wintry gust
Patch everything.
can u host me for a game? , i wanna try something
just 5 mins if u got the time
stiff egret
Hey, sorry for that, I am not playing right now, busy with some work. But you can normally launch a game, if you select private with random machine, it will start in 5 mins.
If you need someone to join in so it doesn't expire then drop the link here, I'll join in. But won't play.
Additionally, there are 2 koth boxes that have been made public like other THM rooms, that you can start normally and try whatever you want without anyone else interrupting.
foodctf, and hackers.
wintry gust
Hey, sorry for that, I am not playing right now, busy with some work. But you ca...
yeah ok i just wanna test a theory
stiff egret
Done.
sour vectorBOT
Gave +1 Rep to @stiff egret
sour vectorBOT
Gave +1 Rep to @stiff egret
tepid wagon
๐
naive goblet
you know you could create your own ones and submit them to help with the problem
vapid condor
you know you could create your own ones and submit them to help with the problem
๐
vapid condor
Why do they still have it there tho? xd I dont play KoTH that long, but I heard its been a while since it hasnt been updated
proven garnet
We can submit koth machines?
jovial field
you know you could create your own ones and submit them to help with the problem
really?
i would ...
vapid condor
Of course, THM will be surly happy about it
@broken pilot GG, this game learned me a lot
broken pilot
GG bro
naive goblet
i would ...
betting heavily on that tryhackme would have very little complaints if you try and make some koth boxes and try to get them uploaded to the site.... though probably a good idea to be in the room creation discord channel then
steep agate
you know you could create your own ones and submit them to help with the problem
this is a good idea, maybe some more windows boxes would be nicer, and some linux boxes too
fossil pecan
betting heavily on that tryhackme would have very little complaints if you try a...
Do we need to ask a mod for access to that channel? I should already be there lol ๐คฃ
Or i just can't find it haha
steep agate
would it be that if I make a box for KoTH they would accept it regardless of whether it is windows or linux?
@proven garnet
proven garnet
I asked and Iโm waiting lol
steep agate
hmmmm
because I have really cool box ideas for koth, whether windows or linux, I think it's high time to innovate KoTH hehe
jovial field
i got some interesting ideas too! would be really cool to have some new challenges
and pwnkit wont work anymore ๐
broken pilot
yall know F11 has some challenges coming up with some giveaways involved
steep agate
and pwnkit wont work anymore ๐
ya
jovial field
dc? discord channel?
ye
broken pilot
idk...
steep agate
I think koth players can contribute to koth itself, whether with ideas, boxes, etc.
jovial field
I think koth players can contribute to koth itself, whether with ideas, boxes, e...
i just read in #site-support they do not
but we can ask naugthy and holmes
steep agate
but we can ask naugthy and holmes
oh, yeah, I just read it too
jovial field
if you are finished i would be happy to read it
broken pilot
lol i opened it and was like oooooo, looked cool .
broken pilot
hahaha i liked that art rip
steep agate
like counter any rootkit, ssh hook, etc
steep agate
hahaha i liked that art rip
xD
jovial field
counter any rootkit! i need to have this against f11snipe lol
really looking forward to it
broken pilot
need a counter to his kingme lol
steep agate
counter any rootkit! i need to have this against f11snipe lol
you can counter the f11 rootkit, the problem is countering his king module hahaha
f11 and his genius ideas hahaha, definitely the strongest opponent I've ever played with
broken pilot
i had found a way to score on his king script but his newest version of king script is a beast...
broken pilot
the room developer chat might unlock after you've reached 0xD GOD like the malware analysis chat but im not 100% and i think the red teamer role overrides 0xD so chat wont unlock with red teamer even if you are 0xD level.... because i cant see malware chat but i like the red teamer role
steep agate
the room developer chat might unlock after you've reached 0xD GOD like the malwa...
I can't see these chats either
broken pilot
i think its cuz we have red teamer role
steep agate
ya
jovial bronze
@broken pilot 
broken pilot
GG @jovial bronze
jovial bronze
it was my first koth
jovial bronze
https://tryhackme.com/games/koth/join/47d3d6785e87b2f591febcc7
gg
obsidian helm
@steep agate hey are you 17?
steep agate
<@745672959804571742> hey are you 17?
yes, why ?
obsidian helm
I just curious cuz I am 17 too
steep agate
I just curious cuz I am 17 too <:blobfingerguns:658062473617866753>
cool
fossil pecan
steep agate
๐คฃ
obsidian helm
harsh obsidian
Have I completely lost my mind or is king-server on Offline/Pain not reading the file and pushing it so the main server can count points for whoever has king?
broken pilot
GG Hack.You
broken pilot
magic lol 
fair meteor
i see my name when i cat it but open in vim/nano its urs
fair meteor
magic lol <:tipsfedora:662730883513450504>
๐
broken pilot
so do you really see your name or mine hahahaha
you almost had it... i saw my name disappear for a second
fair meteor
you almost had it... i saw my name disappear for a second
hahaha u did that urself ๐
broken pilot
hahahaha
you were close tho
i saw your .viminfo and king.txt~
and king.txt.save
try echo Hack.You > king.txt
@fair meteor
fair meteor
try `echo Hack.You > king.txt`
yeah u removed ur thingy already ๐
broken pilot
hahaha
fair meteor
i saw your .viminfo and king.txt~
smh didn't clear track ๐
fossil pecan
still figuring the fuck u did ๐
@broken pilot has been practicing lol
jovial bronze
fair meteor
<@485135593249177610> has been practicing lol
Yea I noticed ๐ฅฒ
fossil pecan
https://tryhackme.com/games/koth/join/03815e6efeba29251ff6efa9
Haha oops, joined 15 min into the game ๐คฃ
fair meteor
i'm also working on my new koth guru app ๐
woah ๐ฎ
fossil pecan
woah ๐ฎ
if you haven't seen it ... hoping to get release out tonight with a bunch more filter options ๐
ok gonna drop my kingmaker bomb ๐ค
fair meteor
jeez
fair meteor
hw do u do this ๐
broken pilot
its over now bro lol
fair meteor
its over now bro lol
so true ๐
broken pilot
lol damn v2 lol
hahahahah
who killed my shell that was funny
another?
hahaha @fossil pecan GG bro .. im gonna figure a way to break that....
fossil pecan
hahaha <@118749350795935744> GG bro .. im gonna figure a way to break that....
using v1 on hogwarts game ... but it's an absolute path box ๐
broken pilot
hahahaha
fossil pecan
fossil pecan
if you haven't seen it ... hoping to get release out tonight with a bunch more f...
better "advanced search" options are live now! ๐ฅณ
broken pilot
@fair adder ssh Trap:letmein
fossil pecan
Ya forgot i joined haha
vital tide
haha
it was pretty fun
there were only rlly like 4 of us in it
I was the one who won
fossil pecan
Nice!
fossil pecan
Maybe in a bit
vital tide
okie just lmk, you can ping me
fossil pecan
On phone now, i think I'm still in AFK channel on my PC lol
vital tide
yeah lol I see you there
issok
good luck on this game
im not gonna hold back lollll
fossil pecan
I'll be back, you have chattr? @vital tide
Im down for vc in a few, getting late tho haha
vital tide
Im down for vc in a few, getting late tho haha
still up?
you gotta teach me how you did that weird permission thing with the king filke
@fossil pecan
fossil pecan
vital tide
hop in vc?
fossil pecan
Sure
tranquil lake
koth?
vital tide
1 sec
tranquil lake
sure
vital tide
bet
vital tide
gleaming lava
next narwhal
Anyone have a few minutes to help me test something out on KOTH? I tried playing for the first time with a friend a week ago and the box was incredibly slow and unstable. I'm curious to know if this was due to the network we were on. So, Id like to recreate the same private match with the same box, but on my home network. Just let me know if anyone has the time.
tranquil pewter
Anyone have a few minutes to help me test something out on KOTH? I tried playing...
You can dm me. I won't be able to participate but I can help spawn the session.
swift laurel
whats up with the spam on production server saying "The person on TTY Session not a tty uses cheese strats" ?
fossil pecan
whats up with the spam on production server saying "The person on TTY Session no...
The chattr that comes with that box haha
thick torrent
Any contestants from the KOTH that finished 5mins ago (Machine: Food)?
tacit willow
I was given a key which I assume is base64 but the decoded version or the key itself would not work when I use it. Anyone got any ideas on what I could do? :D
fossil pecan
I was given a key which I assume is base64 but the decoded version or the key it...
KoTH game? Happy to help if I can, feel free to DM if you have questions
median meadow
@fossil pecan you're a bit of a KOTH ninja around these ends, interested if you have a specific methodology you use?
fossil pecan
<@118749350795935744> you're a bit of a KOTH ninja around these ends, interested...
Try to take everything apart to fully understand and build my own tools, also avoid SSH and stable/real shells as much as possible to be sneaky
median meadow
Hey yall, I need some help on the Food KOTH please can I ping someone a question?
median meadow
||/usr/bin/vim.basic /etc/password||
When trying to edit the root password in /etc/password with vim (because it showed up as SUID) I can't save the /etc/passwd because it's not writable ?
broken pilot
@median meadow https://gtfobins.github.io/gtfobins/vim/#suid
toxic mauve
Quick question, when can I join Koth? It says Intermediate and Advanced but not a specific 0x level
proven garnet
Quick question, when can I join Koth? It says Intermediate and Advanced but not ...
Itโs In your tryhackme profile settings.
toxic mauve
Itโs In your tryhackme profile settings.
Ah, is there any consequence for setting it to Intermediate?
proven garnet
No, believe in yourself @toxic mauve
toxic mauve
No, believe in yourself <@232239924462616578>
Thank you! I'm sort of getting it. I just need to keep going!
sour vectorBOT
Gave +1 Rep to @proven garnet
proven garnet
Thank you! I'm sort of getting it. I just need to keep going!
Good luck
fossil pecan
I'm a little new to hacking but want to be a red teamer so
how's it going?
weak river
woo
Did first KOTH today didn't do the best but then again I did learn. Kind of like trying a new weight I can't quite lift just to see what its like.
weak river
Doing it again now
weak river
joined
are the rooms the same, the nmap looks similar?
as in H1: Hard is always the same etc
broken pilot
some rooms the ports and passwords change
weak river
I will get this if it takes all month
broken pilot
hahahahah @elder orbit thats not gonna stop me....
@weak river if you want to practice i can host a private game
weak river
Ok, I'll do that and if anyone has any tips on which tools they use that would probably help too
weak river
sure i just need to brush up on using what info I get on nmap to find an exploit and then use it
broken pilot
you can use rustscan or threader3000 they are faster than nmap
weak river
will try using those tools
broken pilot
ok let me know which ports you get and i can help you find an entry
weak river
ok while I install docker which I've never used, so I can get rust and rustscan, im running nmap as well. I'll tell you the results and which service I would try to attack first if I were playing and maybe you can give advice
ok I see ssh and mysql on 22 and 3306 respectively
running service version scan and script scan with -A
broken pilot
could install threader3000 quickly.. pip3 install threader3000
weak river
ok
broken pilot
then typethreader3000 to run it.
weak river
got it had to install in current directory and type threader3000.py it says a project by the mayor did I get the right package?
oh wow its scanning all the ports
weak river
nice I was just making that myself when it suggested a better one
broken pilot
once its done let me know which one you want to go after
weak river
I did but it needs pass
would you use hydra or some tool like that and a password list ?
or check other vulns for quicker access
broken pilot
yea you can but also check other ports while hyrda is running
weak river
okay getting my syntax right for that bruteforce and then I'll check those too
broken pilot
ok when your done let me know you want to try next
hydra might not work since you only get 5 tries before it closes its connection
lets check out 16109
have you tried 3306? @weak river
weak river
no ill switch to that. typing these wordlists out is taking forever
weak river
nmap finds nothing for 16109 with -Pn or -A just filtered. trying mysql
oh its over
I know what I need to go study on some more since apparently I forgot a lot of what I learned last year. thanks for the tips
broken pilot
@weak river hereโs a link you can practice on ..where you can also extend the timer https://tryhackme.com/room/kothfoodctf
weak river
<@861690865202233405> hereโs a link you can practice on ..where you can also ex...
Thanks I'll brush up on this too, and when i'm ready "i'll be back"
sour vectorBOT
Gave +1 Rep to @broken pilot
weak river
another quick question is metasploit considered an 'autopwn'?
fossil pecan
another quick question is metasploit considered an 'autopwn'?
No it isn't, just a useful tool ๐
short tusk
!docs koth
pearl gladeBOT
TryHackMe
broken pilot
west seal
https://tryhackme.com/games/koth/join/0474f73a70916e8bddf55c50 20 mins
nice game bro! can ii dm queston?
broken pilot
nice game bro! can ii dm queston?
GG. and yea
west seal
GG. and yea
ty
sour vectorBOT
Gave +1 Rep to @broken pilot
fossil pecan
@radiant sun what do you think of that latest king switch? It's pretty tough haha, i swear I saw your name from king service earlier on, but no points? DM if you want, I'm curious what you did ๐
radiant sun
crazzzyy
broken pilot
Good Game @fossil pecan @west seal @cobalt mountain
fossil pecan
just started CTFs today and both my lobbies have been with <@118749350795935744>
notsudo?
wanton rock
notsudo?
yes sir. I got stuck on picking the proper payload for a reverse shell on the current lobby. gg
fossil pecan
yes sir. I got stuck on picking the proper payload for a reverse shell on the cu...
Feel free to DM if you have questions ๐
low dagger
Why can H1: Easy come back ๐ฅฒ Iโm great at it
radiant sun
i got nothing :/
search for them then
terse mica
hey
stiff egret
turns out im rubbish at these
you are not bad, others are good.
There's a diff.
One is self depreciating, and other is appreciating the world, and taking inspiration.
Careful what you say, it affects how you look at things.
edgy spindle
oh for sure
used it as a reson to go back and do more modules
im trying the "relevant" room atm
no time constraints
no stress of others "beating" me
time to get back to learning
covert vale
you are not bad, others are good.
There's a diff.
One is self depreciating, an...
๐ hi sir
stiff egret
used it as a reson to go back and do more modules
You can also try out KoTH rooms that have been released for practice, like foodctf/hackers.
They launch like normal rooms, with no time constraints. Will give you time to understand how it all works.
edgy spindle
will need to try them
covert vale
I'm new for this whr to start KOTH
nova tide
I'm new for this whr to start KOTH
!docs koth
pearl gladeBOT
TryHackMe
fossil pecan
@heady vortex thanks for the game, was fun! now you know chattr, gotta get your own static/busybox binary to bring to future games ๐ฅณ (wget from yourself, chattr doesn't come on every machine, but it's essential for endgame king fights, so gotta bring your own ๐ )
sour vectorBOT
Gave +1 Rep to @heady vortex
heady vortex
@fossil pecan was really fun, very fair of you to show me new things, the final game was also very fair of you, thanks ๐
sour vectorBOT
Gave +1 Rep to @fossil pecan
fossil pecan
Not sure why seeing this error?
you can update your "experience level" on your profile anytime! go to your profile, and "About You" tab + scroll down to bottom
crisp wagon
you can update your "experience level" on your profile anytime! go to your profi...
ty
sour vectorBOT
Gave +1 Rep to @fossil pecan
fossil pecan
https://tryhackme.com/games/koth/join/b87f23cd1bb6f2d918a16571
good luck! feel free to dm if you have any questions ๐
crisp wagon
good luck! feel free to dm if you have any questions ๐
sure
broken pilot
broken pilot
@fluid tangle good game
terse mica
ruby turret
I'm unable to ping any of the machines. Is anyone else having this issue?
nova tide
I'm unable to ping any of the machines. Is anyone else having this issue?
What do you mean "any" of the machines?
nova tide
Can you show a screenshot ?
ruby turret
Not yet but I'll be able to in 25 minutes
ruby turret
@nova tide here you go
short tusk
<@267010557889085440> here you go
Have you tried an nmap scan?
Also, you are connected to the VPN right?
ruby turret
No. I've found no information regarding a vpn
short tusk
!vpn
pearl gladeBOT
TryHackMe
short tusk
I would recommend reading the rules for KoTH too while you're at it
ruby turret
yeah I'm getting Options error: In [CMD-LINE]:1: Error opening configuration file: evilthreads669966.ovpn
yes im sudo
fossil pecan
yeah I'm getting Options error: In [CMD-LINE]:1: Error opening configuration fil...
I can probably help troubleshoot if you want, feel free to DM more questions and errors/screenshots ๐
broken pilot
@ruby turret you may have to regenerate a new openvpn config file from the access page of TryHackMe and running openvpn evilthreads669966.ovpn as root
ruby turret
Yeah, I just re-downloaded the config file and it worked. Thanks @short tusk and @broken pilot
sour vectorBOT
Gave +1 Rep to @short tusk
short tusk
!multivpn
pearl gladeBOT
TryHackMe
short tusk
Skip step 1
ruby turret
I killed them all and it still got stuck at the same spot
broken pilot
@ruby turret in that screenshot you are connected
broken pilot
Run that same command again .. then in a new terminal try to ping the machine
ruby turret
ok
broken pilot
Use ctrl+t for a new terminal tab
left creek
Jabba already gave you the reason for why you are being stuck, it looks like you have multiple instances of openvpn running
ruby turret
I killed them all
I';ve to wait 25 minutes before I can accesss another machine's IP.
left creek
I';ve to wait 25 minutes before I can accesss another machine's IP.
Wut?
broken pilot
Ok are you in a running game now?
left creek
Ah
ruby turret
@left creek He did help. I killed them butt the script still gets stuck on the same line
broken pilot
Ahhh ok.. well you were connected in that screenshot.. just open a new tab and youโll be all set
left creek
<@401153154634219543> He did help. I killed them butt the script still gets stuc...
That's not being stuck, if it's saying "Initialisation sequence complete" means you should be successfully connected
ruby turret
Okay then. It looks like I should be good.
Thanks I'll let you know in about 20 minutes
1 minutes*
left creek
Thanks I'll let you know in about 20 minutes
Try curl 10.10.10.10/whoami if it's replying with your tun0 IP, you should be good
Also ip a should only show a tun0 interface and not any extra like tun1, tun2 etc.
broken pilot
Hereโs another way to check โฆ go to the access page on TryHackMe and there should be 2 green check marks now
sour vectorBOT
Gave +1 Rep to @broken pilot
swift laurel
gg buddy @fossil pecan
fossil pecan
gg buddy <@118749350795935744>
Thanks! You too ๐
sour vectorBOT
Gave +1 Rep to @swift laurel
fossil pecan
connect gyus
๐ hey! are you IgorMyshkin in hackers game? feel free to DM if you wanna chat or have questions. GLHF! ๐
tiny moth
๐ hey! are you `IgorMyshkin` in hackers game? feel free to DM if you wanna chat...
ok))
flag in ftp
I found cred in ftp, but can't understand where I could use it
/backdoor dir doesn't accepts it
ftp and ssh too
fossil pecan
I found cred in ftp, but can't understand where I could use it
on this hackers box, you can find usernames, but need to bruteforce passwords ๐
can try hydra for ssh/ftp (with usernames found via anon ftp)
hydra http for the /backdoor works too, but need to find another username
tiny moth
nothing))
fossil pecan
nothing))
i just tested all users hydra ftp & ssh ... was really quick crack on all (using rockyou.txt password list)
fossil pecan
in the future, the passwords will take longer to bruteforce (i changed to higher up on rockyou.txt so you could crack quickly this game ๐ )
linpeas + gtfobins is usually a good enough combo to find a way to root
the vim & nano ones can be tricky tho
steep vapor
@fossil pecan hey bro, I wanna ask how you make king.txt as a read only file?
broken pilot
@steep vapor most likely it was a mount on top of root or king.txt but f11 is a little sneaky so it couldโve something completely different just giving you an customized errorโฆ. But he show cased a mount trick in this video https://youtu.be/wIDdrY-opPU
prisma oxide
I haven't done a koth yet and want to get an idea of how they play out.
never mind just saw your post
alpine mango
<@118749350795935744> hey bro, I wanna ask how you make king.txt as a read only ...
use chattr
steep agate
<@118749350795935744> hey bro, I wanna ask how you make king.txt as a read only ...
umount -l /root solve
stiff egret
if you type mount in terminal with no args, you can see everything that is mounted. Simple alterations like
mount | grep king or mount | grep root might quickly show if that has been messed up with.
red crest
Hi
Been enjoying the KOTH machines but I have a question. Why haven't the machines been changed? At this rate it's just a game of the first person to get in wins in my opinion.
stiff egret
Hi
Been enjoying the KOTH machines but I have a question. Why haven't the machin...
Agreed. Sad reality. Can't do anything about it. '
steep agate
Hi
Been enjoying the KOTH machines but I have a question. Why haven't the machin...
enough players have already offered to help koth to renew some things, new machines and etc, if they don't do anything to have new koth machines, or innovate something in it, many players will stop playing, so there will be practically no players Playing
to be honest I got tired of playing koth a long time ago, because there's nothing new, it's always the same thing and even if we talk to some THM MOD nobody would do anything about it, (I don't know if there is any policy behind it and etc, but that's what i think) I was talking about a lot of koth stuff with @broken pilot these days, the koth game mode is really cool and fun but if you don't do something new a lot of players will stop playing.
vapid condor
to be honest I got tired of playing koth a long time ago, because there's nothin...
Like me ๐
First 2-3 weeks you start sith KoTH, its a lot to learn! Learned me many things, get better, dont win, try again (Its kinda addictive ngl!)
But after you discover the most used techniques, you will stop learning, and after you play the same machines for several times, you will feel like "Oh.. Shreak again, " and you will not even have to scan the machine, just run some script and then go for a walk or something
I was actually addicted to KoTH for a while, was thinking about it all the time and was excited about it, but then it got boring, and after about 2 weeks, I completly forgot about it
But even tho its about 2 week fun when you start with it, it can teach you a lot, nice experience
broken pilot
It is kind of discouraging when a koth lead/staff agrees with an issue but canโt do anything about it.. one would think they should have enough pull to do something or at least address issues to the higher ups to help improve the platform since koth is still technically in beta form..
radiant sun
I hope they will soon. KoTH is no doubt a great way to learn a lot.
broken pilot
In the mean time have you guys tried any of f11โs koth challenges??? They are pretty good
steep agate
In the mean time have you guys tried any of f11โs koth challenges??? They are pr...
which ?
steep agate
In the mean time have you guys tried any of f11โs koth challenges??? They are pr...
I don't know, could you tell me more about it?
broken pilot
Hit him up โฆ heโs got a few different challenges in game.. a few that can be solved and a few that havenโt been solved yetโฆ like breaking his king moduleโฆ think itโs up to v4 nowโฆ Iโve managed to break 3 of em, that last one is tricky af.. or his chattr challenge.. was planning on trying to get an event going but the posts were removedโฆ and canโt get an answer from anybody to try to make it something official
He has a few more alsoโฆ been playing with him mostly since Iโm learning new techniques and having to research different things to try to solve the challenges..
steep agate
Hit him up โฆ heโs got a few different challenges in game.. a few that can be sol...
I think f11 uses someone like "Intercept syscalls", we can't put the nick inside king but we can remove it, it's like trolling king.txt
that would be cool
broken pilot
Yea but it can be beatโฆ Iโve managed to take it over and put my name in king,, each time He comes back with a new and improved versionโฆ so far Iโve managed to break 3 different versions of his moduleโฆ this last one is a beast tho
quiet schooner
It is kind of discouraging when a koth lead/staff agrees with an issue but canโt...
The creators of KoTH rooms were paid, it's expensive to create enough KoTH rooms
broken pilot
The creators of KoTH rooms were paid, it's expensive to create enough KoTH rooms
But if the community was able to submit koth boxes for review Iโm pretty sure thereโs a few ppl that would be happy to contribute for free..
quiet schooner
You've got the cost of the time to review them then
It's not as easy as you think
steep agate
The creators of KoTH rooms were paid, it's expensive to create enough KoTH rooms
in koth players, we have already offered ourselves several times to be able to help, for me you don't even have to pay me...
quiet schooner
I'm not THM.
broken pilot
I'm not THM.
So who would be the person to contact? skidy?
I mean all and all it only benefits the TryHackMe platformโฆ I have ideas for days but i understand your point that it cost money and time.. but maybe they could have something extra for subscribersโฆ that could help cover some costsโฆ have a few boxes free to play and some updated ones for paid users..
stiff egret
I mean all and all it only benefits the TryHackMe platformโฆ I have ideas for day...
As Ninja pointed out, the process of a KoTH box is not as simple as a simple community machine. The whole QA team exists for this reason to review and QA the machines that are submitted from the community, which are too many already.
A KoTH box is far more complicated and hence we were paid to make them. Taking public submissions were turned off (as far as I know) because imagine this, if everyone started submitting like 1 box each, and we talk say, 10 players. Now these are 10 boxes that need review, fixing, QA and with no assurance whether they'll be pushed to prod or not.
It's simply cost to the company and they(administration) must've evaluated KoTH to not be beneficial business wise to have stopped these processes.
inner nexus
It is kind of discouraging when a koth lead/staff agrees with an issue but canโt...
I asked for ranked koth a while ago I wish it was here, I then made a bot for ranked koth 1v1s cuz I was tired of waiting but never got to finish it because I was unable to get invite links to send to the players :/
Having tournaments ran every day would also be awesome
I held a koth tourney a while back @fossil pecan commentated for it was pretty fun
fossil pecan
I asked for ranked koth a while ago I wish it was here, I then made a bot for ra...
you get to checkout my new side project?? haha put together a mini KoTH app + rest api, pretty cool ๐
ruby turret
@fossil pecan that;'s pretty cool. What framework did you use?
@fossil pecan I know all you guys have that plugin
ladies
fossil pecan
<@118749350795935744> I know all you guys have that plugin
what plugin?
fossil pecan
<@118749350795935744> that;'s pretty cool. What framework did you use?
it's a python + django rest api backend and react-native front end (was hoping to build actual native apps from it later if i can get momentum behind it ๐ )
ruby turret
@fossil pecan That plugin that tells you what framework a website is using
fossil pecan
<@118749350795935744> That plugin that tells you what framework a website is usi...
ah yes! duh ๐คฆโโ๏ธ ๐คฃ
ruby turret
@fossil pecan ah so that's react native. I like it.
fossil pecan
<@118749350795935744> ah so that's react native. I like it.
thanks! ๐
sour vectorBOT
Gave +1 Rep to @ruby turret
broken pilot
why rm /usr/bin?????
broken pilot
was just a chattr lock hahhahaha
broken pilot
hahahha guess ill have to chmod -x /bin/rm and then chattr
guess its better than them rm -rf / lol
elder orbit
it will be better if we reset it
elder orbit
guess its better than them rm -rf / lol
lol that's will end it
broken pilot
yea glad they didnt do that
guess ill bring my static binaries over and use those hahaha
elder orbit
guess ill bring my static binaries over and use those hahaha
good luck with that, I will enter an new one ๐
broken pilot
already have em on the box .... wget ls ps and more
im streaming my game play in koth if you want to see what im doing
elder orbit
I tried before to wget my chattr but it dosn't work, did you know the reson
broken pilot
they rm /usr/bin/wget
elder orbit
im streaming my game play in koth if you want to see what im doing
which platform?
elder orbit
they rm /usr/bin/wget
no ,not this time it's another previous machine and I was able to send my chattr but it doesn't work
elder orbit
https://busybox.net/downloads/binaries/1.31.0-i686-uclibc/
Thanks broo
sour vectorBOT
Gave +1 Rep to @broken pilot
broken pilot
no problem
buoyant kite
broken pilot
sure im in koth voice @buoyant kite
elder orbit
nice game broo ๐
broken pilot
good game thought you were gonna drop some flags
elder orbit
no no my internet just get down and I can not continue ๐ฅฒ
reef sun
hey guys, I started a few days ago and found this game concept very fun, I was wondering if there were any "prerequisites" (not really established but without which it would be difficult to participate in a game) of path to have achieved ? I guess the question has already been asked many times but I couldn't find anything about it on the site.. thank you for your answers!
naive goblet
hey guys, I started a few days ago and found this game concept very fun, I was w...
now how to use nmap... and simple priv esc
with that you should probably have a good enough skill to be able to handle most of koth
if not you might learn by asking the others how they got in and learning from them
reef sun
now how to use nmap... and simple priv esc
i was expecting a lot more pre-requisites tbh, but I guess what differentiates the players is the way they search?
naive goblet
yeah basicly
knowing how to make loops or scripts that mess with the king files permissions and sets immutability can help a lot to score wins
but is not strictly necessary
reef sun
thank you for that, I'll take a look and try
radiant sun
hey guys, I started a few days ago and found this game concept very fun, I was w...
He put almost most of the tricks here
reef sun
https://github.com/ChrisPritchard/ctf-writeups/tree/master/tryhackme-koth
Canโt use that without learning more paths I guess, thanks for the share !
sour vectorBOT
Gave +1 Rep to @radiant sun
hexed harness
https://github.com/ChrisPritchard/ctf-writeups/tree/master/tryhackme-koth
I just read about KOTH and I am interested in learning it too, thanks for this resource.
sour vectorBOT
Gave +1 Rep to @radiant sun
fossil pecan
I just read about KOTH and I am interested in learning it too, thanks for this r...
I've been doing lots of KoTH, and creating some yt content too! Happy to help or play practice games anytime ๐
hexed harness
I've been doing lots of KoTH, and creating some yt content too! Happy to help or...
I'd love to do that in the future thanks ๐
sour vectorBOT
Gave +1 Rep to @fossil pecan
fossil pecan
I'm finally ready to do the streaming thing for real! Come join me and @broken pilot playing some king of the hill and other fun stuff!
charred bobcat
Starting in 10 mins: https://tryhackme.com/games/koth/join/ab55533803b98c7772208b77
ruby turret
Anyone ever experienced an issue with metasploit where MSFVENOM and MSFCONSOLE fail to start and just hang indefinitely? I rebooted and everything.
naive goblet
maybe try and reinitalise the database
ruby turret
msfdb init right?
yeah msfdb won't run either
I restarted the postgresql service before I rebooted
I just didn't know if it was a common issue
sonic belfry
Clone yourself and battle your other self.โข๏ธ ๐
charred bobcat
Clone yourself and battle your other self.โข๏ธ ๐
I was just trying to see how I would do with a default Slackware install. lol
broken pilot
https://tryhackme.com/games/koth/join/e4370518fa18f920f8019637 starts in 20 mins
obtuse nacelle
Is there a list of the difficulty of the machines in koth?
jovial field
they all vary between very easy and easy
fossil pecan
Is there a list of the difficulty of the machines in koth?
It's all relative based on your experience. As @jovial field said, they're all pretty easy if you have decent exp with CTF root-a-box type challenges. If you're totally new, would recommend practicing on normal challenge rooms first, and can always start private KoTH games for practice (I'm happy to join any game any time, if I'm free)
jovial field
It's all relative based on your experience. As <@583579616749420545> said, they'...
well he is 0xD GOD so I hope he is not an absolute beginner
obtuse nacelle
yeah, not a beginner but never played koth, gonna play with some coworkers and I don't want to scare them with hard rooms ^^
thank you guys very much
fossil pecan
yeah, not a beginner but never played koth, gonna play with some coworkers and I...
space-jam and food are good starter boxes ๐
hackers, hogwarts, and h1-hard are probably hardest ubuntu boxes
obtuse nacelle
thanks man, good to know and thanks for being kind and friendly ๐
naive goblet
@fast copper sorry found a lot of flags quickly there
fast copper
Why are you apologizing for winning?
Question tho: I got access but cannot run any command, did you patch it already?
naive goblet
nopes shadow has patched nothing
fast copper
๐
naive goblet
shadow not in the patching game
fast copper
Figuring it out right now.
naive goblet
though shadow has changed the /etc/passwd file now
just to change the root password
working up how to edit king.txt to put username
the find command is awesome for finding flags
guess you found another way in then shadow did
https://tryhackme.com/games/koth/66486 spectator link for the peeps
lols with a fun way to keep check if the king.txt file change
fast copper
I did a funky thing too, hope it works out.
naive goblet
hmmm maybe
shadow is using the watch command to check for changes of the king.txt file
naive goblet
did you just mess with shadows watch binary ;-;
naive goblet
shadow has 1 more flag then you though so shadow did something right
naive goblet
lets see if that keeps you out
naive goblet
hehehe specific binary with immutabiltiy flag goes brrrrrr
naive goblet
will tell you when the game is over if you still wanna know
fast copper
Did you use chattr?
naive goblet
oh shoot lsb found out
fast copper
I specifically avoided that one, because I only remembered that it was mentioned in the rules, but not in what way. 
fast copper
Welp rip me.
naive goblet
except for watch loop of course
fast copper
At this point it is literally impossible to catch up anyways.
naive goblet
yeah probably
naive goblet
so close
naive goblet
apparently shadow missed 2 flags
the flag icon next to the flag submission bar tells you how many flags there are
fast copper
They should put flags in envvars so I can get them easier.
naive goblet
haha forgot to check there
fast copper
Did you change the root pw?
naive goblet
in /etc/passwd to get in the first time yeah
not changed it since then
ooh found another flag
YAY grep in recursive mode for flag finding win
sorry if you feel stomped lsb but this was fun for shadow at least
naive goblet
well this game you at least got in and held king for a bit
fast copper
I got points, which is better then the last two times.
And I learned that cronjobs are horrible at keeping the king file.
naive goblet
ooooh you used cron to do it
yeah that might be bad as it only triggers once a min at maximum
fast copper
No, I scheduled a cron andthen did it manually for like 10 minutes because the cronjob was horrible.
Whaha
naive goblet
hahaha.... nice
fast copper
And well, then you told me you were using watch, so I screwed with that a little.
naive goblet
think you could technically setup a for loop that changes the king.txt file somehow
watch cat /root/king.txt
fast copper
But I was scared of using chattr because I did not know whether i was breaking any rules, and that kind of screwed me over.
naive goblet
tada you get an update every 2 sec if things change
fast copper
Deleting specific binaries is forbidden right?
naive goblet
There are many ways you can play KoTH. Here are a few:
Once you've hacked your way to King (root), defend your position by patching services (perhaps start by fixing the method to how you became root). Hunt for flags - Often you can win by finding all flags, whilst others are struggling to become King, you could be hunting. King.txt file locked? - A user might have used the chattr binary to stop even a root user editing the file.
from tips and tricks section
naive goblet
Deleting specific binaries is forbidden right?
yeah except for deleting chattr
but you can just upload busybox with chattr in that case
naive goblet
shadow did not delete chattr for reasons
- Do NOT delete system binaries (except chattr) or change executable permissions on them (or their directory).
guess it has to do with not breaking the machine to much
fast copper
I was struggeling with a script a bit, and when I noticed king was immutable, then it was already too late, because time would not have been enough.
So I kind of gave up a little.
naive goblet
fair
first time in a long time shadow has used chattr
could have kept the fight going back and forth for king but felt like lets spice it up a bit
fast copper
I just noticed too late, otherwise it would have been fine.
But that just goes to show how critical a few minutes can be when defending a system.
Good thing to remember for jobs later on.
naive goblet
YAY first koth game won
sour vectorBOT
Gave +1 Rep to @fast copper
fast copper
Happy to help, as per usual.
naive goblet
<:blobfingerguns:658062473617866753> Happy to help, as per usual.
also how shadow got in is that they noticed a mysql port being open...
then thought lets try some default creds for that
and boom flag and user password combo found
fast copper
Hmm mysql didn't let me in.
They just gave you rotated ssh credentials on a telnet port tho.
naive goblet
huih maybe it only supports a single user at a time
fast copper
It should support more, but I can very likely be wrong here.
Maybe only if multiple ports are open.
sour vectorBOT
Gave +1 Rep to @naive goblet
broken pilot
https://tryhackme.com/games/koth/join/4782847f9c2e1cf924361dd0 starts in 20 lets gooooo
fossil pecan
low dagger
Gonna try and get my class playing these
broken pilot
tender glade
does anyone want free KoTH points I have never played
narrow acorn
Any one up for koth?
narrow acorn
Hey is it ok to block service?
Like turning down ssh in KOTH?
nova tide
Hey is it ok to block service?
Like turning down ssh in KOTH?
No, i would recommend giving koth rules a read if you haven't already.
narrow acorn
Recently I was playing koth and some one shutdown ssh service ๐ฆ
I was keep logging in to with ssh which is why
nova tide
Recently I was playing koth and some one shutdown ssh service ๐ฆ
I was keep logg...
Some people tend to change ssh ports, you can try running an nmap scan against all ports -p- to see if anything new comes up. ๐
broken pilot
dull bone
It took me a long time to get in. How did you do it so fast @broken pilot
broken pilot
theres a few different ways for fast access on tyler... also take good notes some boxes the passwords stay the same @dull bone
broken pilot
ive added a lsattr to the root folder to make it fair since this box has it sent to /dev/null by design
idle sedge
question: is it allowed to change passwords of users on koth? (probably not...)
nova tide
question: is it allowed to change passwords of users on koth? (probably not...)
It is allowed.
dull bone
if I change permissions of a id_rsa file and it still asks me for a password that means that someone changed the password of that user right?
broken pilot
Or the ssh config file could be set to only accept passwords.
dull bone
How does that work? Can I do something about it?
broken pilot
check /etc/ssh/sshd_config โฆ but could be a number of things.. like maybe authorized_keys was changed and that id_rsa no longer works.. all depends on if you found an id_rsa on a box and trying to use that or trying to install your own id_rsa on a user to create a back door
dull bone
I found it while playing koth yes and tried to use it but didn't work
dull bone
I don't understand, it happened again on another game. I found valid ssh credentials (pretty sure the credentials are for ssh because nothing else is there) and it didn't work either
unkempt lark
Hum
Anyone here to help a noob like me ๐ญ
I don't even inow where to go to start ๐ฅฒ
dull bone
I don't even inow where to go to start ๐ฅฒ
Have you completed some CTF rooms?
unkempt lark
Have you completed some CTF rooms?
Yeah I have
dull bone
Than koth is like doing a CTF room but with some defense/patching as well
I'm also new to koth, so maybe I'm not giving you the best answers
unkempt lark
Do I just launch my attack box then ?
dull bone
Yes and when the game starts, just do the enumeration of that IP
And escalate privileges till you gain access to root
unkempt lark
Can I like start it without going into any paths or whatever?
dull bone
what do you mean?
unkempt lark
I don't have to connect to any machine or whatever as you would in the learning paths ?
dull bone
no, you launch your attack box and then wait the game to start
When it starts you'll get an IP of that machine, then you just enumerate it and gain access
unkempt lark
Hmm, so I have this Attack box open, and I have the ip of the machine to attack, but when I do ifconfig <ip> it doesn't work ๐ฅฒ
dull bone
Why would you use that command?
unkempt lark
Umm, I have no idea... : (
dull bone
If you want to enumerate an IP, use nmap or other tools
but first you should do some rooms involving enumeration, privilege escalation etc.
unkempt lark
I've pinged it, so it is active !
dull bone
yes but now you should enumerate it and search for open ports etc.
unkempt lark
yes but now you should enumerate it and search for open ports etc.
Thanks
sour vectorBOT
Gave +1 Rep to @dull bone
broken pilot
@dull bone I can host a private game later and help you figure out the problem..
dull bone
<@701498145284030476> I can host a private game later and help you figure out th...
Appreciate it man, but I'm done for today. If you have time tomorrow in the evening , I'll join your game
narrow acorn
Any one up for KOTH?
narrow acorn
Going to bed. Let's play tomorrow
dull bone
someone deleted the ssh keys?
broken pilot
what game?
here i added an easy privesc just run find / -perm -4000 2>/dev/null @dull bone
heres a brand new one
dull bone
what game?
the same we are playing
dull bone
https://tryhackme.com/games/koth/join/26ba23c681c4dd99d22f91af <@701498145284030...
I got nothing
no response
broken pilot
if you want i cant start a private match anybox that you want to practice on
dull bone
I got in using a reverse shell but can't stabilise it
broken pilot
try it with python3
dull bone
I already tried but it's so slow
dull bone
finally omg
broken pilot
gg
broken pilot
orchid pond
I hope to add a chat function to KOTH's waiting page to give players who are waiting a chance to communicate with each other.
valid cairn
Does anyone what happened to Mr.NIko?
HE used to be such a good player of koth
than randomly started to send crap messages of weird servers....
naive goblet
than randomly started to send crap messages of weird servers....
could be that he fell for a phishing attempt or other stuffs
naive goblet
well would assume he was hacked in one way or another.. even the most secure people can slip up and get hacked
fossil pecan
oh no windows lol ๐
upbeat bone
haha yeah right? I think the box needs to be reset, either that or someone got on the box and turned SMB off
upbeat bone
I was wrong. It just took a few tries
@fossil pecan a clue: it's eternal blue
๐ฎ
Nice try canada
valid cairn
well would assume he was hacked in one way or another.. even the most secure peo...
yes understandable.
upbeat bone
that effin cheese strat
nova tide
Nah he couldnt have
They did, and actually a good one. iirc they created a new account afterwards.
valid cairn
so you know about his new account?
broken pilot
so you know about his new account?
@fair adder
fair adder
<@456226577798135808>
Yes
fair adder
so you know about his new account?
Yes bro
uncut delta
somebody bricked the thing? 10.10.69.1?
valid cairn
Bro How do yall turn the machine into write only system
lavish haven
how do i report a guy that changed a koth flag to "sorry"
dull bone
Bro How do yall turn the machine into write only system
I guess using the mount command and ro option
To undo it use mount -o remount,rw /path
broken pilot
Bro How do yall turn the machine into write only system
check out F11snipes video about that and a few other tricks https://youtu.be/wIDdrY-opPU
valid cairn
check out F11snipes video about that and a few other tricks https://youtu.be/wID...
Thank you Trap btw you have splendid KOTH game
sour vectorBOT
Gave +1 Rep to @broken pilot
uncut delta
yo anyone know how to enumerate the sql database from the HOGWARTS room? cant seem to wrap my head aorund
proud moth
hey there. i've played koth production challenge. and i've esclated to root user but i cannot update king.txt with my username
eternal forum
maybe it has been made immutable. check via lsattr king.txt
try using chattr -i king.txt
proud moth
maybe it has been made immutable. check via `lsattr king.txt`
try using `chattr ...
i cannot check now. i played it yesterday.
eternal forum
if it happens again, try checking the attributes to see if it's made immutable. one of the ways for even a root user to be unable to modify a file
broken pilot
valid cairn
Will there be any new KOTH machines?
nova tide
Will there be any new KOTH machines?
That's a good question indeed.
steep agate
Will there be any new KOTH machines?
hahaha, there are no new machines for years, unless a miracle happens and there are new machines
broken pilot
fossil pecan
<@118749350795935744> bruh why you are not playing koth !!
Had to take a break for food haha, I'll get back on soon if you're still playing!
broken pilot
valid cairn
fossil pecan
valid cairn
20min https://tryhackme.com/games/koth/join/4773c88393f9400efe33a16c
sup bro long time no talk
broken pilot
valid cairn
https://tryhackme.com/games/koth/join/55104e692cd9ff4089eb4b4b 20 min
Trap? I have my name in king.txt
but its still not changing the king status
broken pilot
valid cairn
valid cairn
is this caused due to mounting?
broken pilot
ahhhhh you mounted over /root
broken pilot
yea the koth file is still reading from the original king.txt
valid cairn
yea the koth file is still reading from the original king.txt
so I need to unmount?
or can I make it rw and it will work too?
broken pilot
you can try systemctl restart koth
but you will also need a copy of the original koth binary in your mounted folder
valid cairn
thats not a service?
broken pilot
systemctl restart king
but you need a copy of the koth binary in your folder
heres what your mounted folder looks like
nobody is scoring points
working now
valid cairn
bro how did you find my folder ๐ญ
broken pilot
valid cairn
thats a damn cool figlet
broken pilot
if you type mount it will show you whats mounted