#koth
I did reboot already
weird, it's still 2 ports open only
I'll just reset
sry
Since i'm kinda new to koth
May I ask, will setting passwordauthentication to no be against the rules?
The machine should not be made unavailable (shutdown/reboot, firewall/iptables rules to stop all communication, all services terminated, machine botching etc).
Only stop a service if it can't be patched any other way. Services should remain available for “genuine users of the box” if at all possible. Changing ports of services is allowed. (Try to keep the machines in as original state as possible.)
koth in general relies on you as a user to play fair and doesn't give strict guidelines. If there are multiple entries you might patch some but not all entries to leave a chance to other users
so the answer depends on the machine
I see, thanks for the answer~
Hey Gray, this is the THM server, please keep it on topic of THM 🙂
My bad, sorry w
no worries, thanks
hello, anyone want to play "king of the hill" game?
Mee
great, when?
are you available dude?
sryy I had some work
lol its alive yet
There is a problem with the KOTH offline
There is my username on the king.txt on C:\Users\Administrator\king-server\king.txt
But in the platform I'm not king
What is chattr?
Sounds like a google query lol… but essentially it stands for change attributes
🤣
Sure dm
hello, is koth available for free users? asking for a school event
think the answer is yes
though you can't make private games or choose what target machine gets selected then
It's free for all, you can make private games, except that you don't get an option to choose the target machine. It'll be random.
RustScan is good for koth too?
if everyone runs it at the same time the box can get slow ¯\_(ツ)_/¯
and generally you can make nmap just as fast as rustscan if you want to
Got it thanks
When you guys do koth things, do you make nmap runs based on which machine you are on, or do you pick some base command like -sV -sC
Or its case-by-case?
there are a few boxes where the ports change every game. I guess you can tailor nmap for those specific games but I just use rustscan or threader3000.. if multiple people are scanning the machine it will slow it down though. Ex: port scans, dir scans, brute forcing. too many while loops will slow it down also
Gotta get used to seeing my name in green now 😢😢 I liked the red.... but I do get access to advanced chat now…
Btw how this tags works? like red teamer and 0xD
Red teamer was a role given during the launch of the red team pathway .. the 0x roles are based off how many points you have. You get points by completing rooms and solving challenges .. this next upcoming event might have a new role associated with it also.. I think they did away with the red teamer role so more people would participate in this new event… just guessing tho..
ok thank you !
thank you also for your fast answer 🙂
can koth be played using thekali on the website
Yes, you will just need to update your experience level to intermediate or advanced in the about you section of your profile, first in order to play any koth games.
What is the new event?
sent
can anyone tell me the how to find out the right way to approaching a koth challenge?
by practice ofc
I would recommend understanding the game play with your friends or new players cause most of the players nowadays use autopwns which are really annoying and not nice at all. Feel free to DM for more
what do you mean by ofc?
of course
okay that's obvious
BTW Thank You for your suggestion...
can you suggest me some additional resources to learn more?
if you know some?
yeah first of all play every box by yourself and have a rough idea about each box's vulnerabilities. For king persistence you can check out Matheuz's koth repo https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks or after understanding how the game works it's easy to build up your own king defense tricks
Thanks a lot...
You're welcome!
Just guessing that a role will be associated with this … #announcements message
omg. I give up on this KOTH. I'm able to get a reverse shell for a few seconds and then it crashes. I finally found another reverse shell that doesn't crash yet I'm stuck trapped in the web folder and it's insanely slow. Arg
The rules mention don't delete any system binaries except for chattr. Does that mean we are allowed to literally delete /usr/bin/chattr ?
Yea
@broken pilot thanks. What about changing the permissions of /root/king.txt? The rules say don't change them for flags but I'm not sure if that applies to king.txt or not. I know I'm allowed to use chattr
oh nice
👀
im gonna suck but ill try
Wait hold up that's my pfp
Make a new one im here in like 30 min
ight this is gonna be my first game how do i play
yoo guys
so i gained access to the system and rooted but how do people make the king.txt file uneditable 🥲
is it something related to the chattr binary on linux? perhaps if anyone could send me some reading material on how i can perform that
alright @vestal saddle good luck
Same to you
thanks
I still need to add more things, but I'm too lazy 😩
mcLovin in pfp haha
I'm bad at defense. :/
Here are some defense tricks that I put together https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks
That's the plan. Still managed to win tho.
Man! This Koth guy seems popular >:3
+ Kingster - The Hacker's Trick +
It is with great shame and fear that I come to present my new program to you
feel free to leave a star
https://github.com/CeloXSec/Kingster
Aren't automatic tools against the rules? Seems to be a lot of that being done.
Scripts that automatically hack(autopwns) and/or harden the machine are forbidden
NMAP isn't one of them If you meant it
Please check these rules:
So if I were to use a script that automatically boots anyone who's not me off the system, that'd be allowed?
Kicking off users is allowed
I've been approaching these the wrong way then lol
its allowed but some players dont like it
they prefer to have a root shell x shell
about me? If it's in the game, you must use it
I can certainly see how some wouldn't like it. but if it's allowed. as the saying goes. git gud, dont git mad lol.
turning off ssh is lame. back to watching tv. blatant rule breaking
Stop turning the ssh server off. You literally have no reason to do that.
Ah, I think it was you who were going to report me for throwing my "kick.txt" at you hahahahha, you must have been really angry 🤣
this fun
As long as one way onto the machine exists, it doesn't matter.
youre right i do not have any reason to do that
it wasn't me, it was massco99
i hate when this guy resets the match to get king or just drops down the services
stop services is not allowed @alpine quarry
yeah i've seen him doing it multiple times
I think he changes the port for ssh.. since that technically isn’t breaking the rules… just run another port scan when he’s playing 😎 it’s usually not in the top 1000 so check all ports…
Another good tip is create a backdoor that doesn’t require ssh to gain root shell then it doesn’t matter if ssh works or not
i patched the privesc to root and forgot to setup persistence , now i am myself not root lol
@fair adder did you use chattr on itself?
yeah i used it
step chattr 🙂
Aye koth buds
I always make a hidden rce backdoor to root 😎 https://github.com/Trevohack/DynastyPersist
there's mine demonized too, it's very powerful, but it's not to be used on koth
Nice! Yeah I've seen it waiting for the Intercept Syscall function
Maybe in a few years I will release this specific function 😄
I release the rest of the pending functions quickly, I already have process injection, pam and ld_preload rootkit practically ready
Mine Dynasty xD
@quanvivc123
Idk who tf bravosec is but ima catch you soon
Haha lol bravosec is @civic vortex you have zero chance with him to be honest 😂
lol
I got banned from cloudflare
Cuz I was trying to send this
Guys you can try it
NjE0NzQ2NkE2MTMzNTI2RjVBNTc0QTc2NjU0MTNEM0QwQQo=
4E6A45304E7A51324E6B45324D544D7A4E544932526A56424E546330515463324E6A55304D544E454D30517751513D3D0A
IKR happens all the time
😂
lmao
not only tryhackme but also discord banned that word
yeah
(from hex > from base64 = plain)
its not banning that word lol
there was a discord outage to do with cloudflare
nothing at all to do with whatever context you sent
is there a way to check your world ranking at KOTH?
im #1 at my country leaderboards pfff
select "all countries" instead of your country
Yeah IK, was just trolling XD
i will never be the best of my country aff
you're in my koth rn lmao how are you so quick tf
i know every single entrypoint on this machine
damn, im still new tbh. i keep getting up to ssh into ramen, ls, grab the flags; on priv esc using GNU Screen 4.5.0 i cant seem to do it. you got any ideas?
would you be able to teach me how to exploit that ive gotten halfway through but libhax isnt working
5 minutes till start
really?
Evening guys. Whats the best way to get into KOTH? Just find a team and go in? Is there matchmaking?
Just find a game and play eventually you'll learn
every way to gain foothold access at least
first time playing koth join me https://tryhackme.com/games/koth/join/a3d727e3a5fd33c5488e1298 starts in 10m
is it hard? I've never played koth cause I think it's so hard lol for someone new to CTF
@lavish sigil I know i'm struggling to win
Aye hop on someone lets hack
anyone is playing
game starts soon
Simply the best pokemon trainer!
Just captured a rare Fire/Hacker type pokemon!
play?
Yessir
is it possible for a machine to be first hacked at 14secs of starting without automation?
rarely maybe
Yes it’s possible one liners can do it
i guess if you've seen it before
@karmic gyro lmao
Using redirects incoming TCP traffic on port 9999 to IP address 10.2.66.237 on port 45999.
@karmic gyro If you block access to the king service, your access to King of The Hill will be removed. This is your only warning
Koth game starting in 10
caught in 4K lol
@fossil pecan heya it's me MeNub from recent koth, haha fun game but i wanted to know what did you do to king.txt i couldnt get the permission on it tsk tsk
hey! using chattr binary to "lock" files, it's sometimes missing on boxes (and the only binary allowed to be removed), so best to find a static version or build your own 😉
Ah damn, so ig id have had to use static binary again to change the perm, am i right?
big brain
locking with chattr and later rm -rf /usr/bin/chattr
👁️
ik all machines vulns
I decorated it
So, it's possible
39 secs
old ss btw
yep
14 seconds? I doubt it
😡
Yes it is possible, for example ssh into the machine and sudo -l. You can easily get root if you have the machine before.
pi
yh.
@fair adder check dm !
But still 14 sec is too less IG idk not much experience with koth
Maybe automation
every machine has pwnkit also, there’s no use of playing koth anymore 😂
while :;do rm -rf $(find / -type f -size +32610c -size -32620c -exec ls {} \; 2>/dev/null); done &
your command failed against my chattr haha
you could've just echoed anything and append to it lol
it would've worked not a big deal
dude, it varies; it was in my old notes, in my wsl the size of chattr is way less
its just a find command Lol why you stressing
?
ah?
I'm just showing that it didn't work for me, lol
cuz size of your chattr might be diff.
the size in the command ig is of busybox chattr
yes, just know the size of the chattr
the size of my chattr is bigger
yuh u used -static
This happens because I used -static , so obviously the size of my chattr will be bigger
yea
If you modify some things in chattr, the file size will also become larger
@fair adder it's an easy one bruh. you can get king. try harder.
damn congrats for king @fair adder
hello guys
i want to ask if tryhackme plans to add new machines to koth ? since all linux machines are vulnerable to PwnKit ( or most of them )
Most of the people have requested from THM but it seems they are not interested in KoTH anymore
To be honest, I find it very difficult to have new machines, if there was an update on koth, many players would certainly return to playing
and certainly, if they gave more value to koth, it would become the best game mode, it has been in beta for almost 4 years or less, many players including me have already offered to create koth machines without asking for any money in return, just because I liked the game mode and it didn't do anything
There could be an update for koth, it would be interesting and certainly many would want to play again, create new techniques, produce content in koth, and as the game mode is "hacker vs hackers", it would be the most popular and certainly many people to play ctf on tryhackme
@rancid inlet
?
I really hope it's not your script @radiant sun
Haha Nope
Whoever's it is, will either get a warning, or a ban.
I think you meant to tag sum else? 
@obsidian lark
Wassup
Aye
sup
how you doing?
good and you?
im good
Anyone free
yeah that's not me lol mine is at holmes
guys any one to play
yes
Hey guys me and a couple of friends who are novices with Linux are thinking of trying a KofTH. But it’s saying I can’t bc I’m not intermediate. How can we all play?
Head to https://tryhackme.com/profile and change your level to intermediate 🙂
Is koth hard? i don't quite understand it. will each person get a VM they have to protect and attack with or is everyone attacking one VM and adding their name to the sudoers file?
Its one VM that you are all fighting over
Where is this information? i looked around the website but couldn't search it up or find it ? :/
Also just here https://tryhackme.com/games/koth
sry for asking dumb questions 😅
anyone wanna do a koth rn???
anyone wanna play a round of KOTH rn?
@steep agate Hi my Friend
hii
Anyone wanna chill and play some koth?
anyone down to do some koth??
Hey guys !
heyo
damn
damn please stop spamming resets https://tryhackme.com/games/koth/87719
@dumbsheet
@slywooper
sup @jovial field
idk me and SIxCode wanted to play a game and these two seemingly bots joined and began to spam reset the machine
lol
Hey, I just finished the junior pentest path. I am looking to do some koth to practice. Ideally not too competitive. Maybe cooperative? with people of my lvl
Hey I know I'm not your level in THM, but I've just done lots of boxes elsewhere. Cooperative sounds fun, I've been teaching my partner that way. What time are you typically available?
let me know when you would like to play i'll be glad to help.
are rootkits cool in koth?
yes, but most machines have the older kernel, and some machines do not have gcc or make installed, apart from other libs and dependencies that need to be included and compatibility...
but it is possible to use rootkits in koth, and with that you have advantages
yeah but if i compile using an even older version of glibc it should work right?
will not work because the kernel versions are different, if you compile an LKM on one kernel version you will not be able to insert the ".ko" on another machine that has, for example, only one kernel version above
When you compile an LKM rootkit, it generates the ".ko" (kernel object) that can only be used in that exact version of the kernel on which it was compiled
Oh, unless you want to use user-land rootkits
it will be less headache
I made ld_preload rootkit my only problem is libc version
i think
should probably look into lkm rootkits sounds interesting
How about tomorrow 16h ?
In 16 hr?
16h Eastern Standard Time
Might be too early for me, I'll ping you if I'm around at that time tho.
Sounds good should be home a little after that, probably around 5:30 or 17:30 Est
As late as possible for me is fine. I had a big day, need a nap
ok, just lmk when you are ready
sorry, I think I will cancel for today.
Are the machines running painfully slow today?
I think it's AOC.
Christmas traffic 
wassup, anyone wanna koth?
I'm down
.
KOTH is an exciting game but there are some idiots who use automated scripts to take over the server in less than a minute and the support is dead.
I suggest renaming the game to king of the kid scripts 👍🏻
We take all reports seriously, please continue to report users who are breaking the rules
The reason for this is because they are the same machines, and as a result players create automated scripts, and this has been happening for over 2 years...
there are many good players, and excellent people who know a lot about hacking, are not necessarily skiddies...
The only problem is that they are always the same machines, and with that, many players certainly use credentials, ssh keys, anyway... there is a big advantage over new players, but I understand your frustration
I never did any machine. Are there any other first timers?
anyone in here
just ping when you want to play and ill help you practice
https://tryhackme.com/games/koth/join/82bc3ba2cca4603598b7bbea public game starting in 15 mins if anyone wants to join
The worst part is players use scripts from another creator, they just run it and boom his is king. However, when another player takes king they SPAM RESET. And we barely get a response to our reports. Not complaining but suggesting THM can do better for KOTH than this!
I'm down to find people who want to make a gentleman's agreement to play for fun with an agreed set of rules.
whoever wants to join, starts in 15 mins
if you want a friendly game i wont patch any vulns in the machine, ill leave all footholds and privescs the same as when the box starts, ill even give u a backdoor 😉 in... You can patch any and all vulns you find including any of my persistence tricks and we can battle over king.txt.
Give me 30min and i'm here
Honestly, I think it's very difficult for THM to pay attention to koth or make any kind of update... Some players and I tried everything, but nothing came of it...
This is sad and a shame, because Koth is very famous, many players play it, and the lobby is sometimes full, with so many players playing it.
And there simply isn't any kind of rework, update or any information about any possible future update of Koth... I will always be willing to create machines for Koth, and I won't ask for anything in return because I like the style of play... Hacker x hacker
I'm just flashing a live kali os quick on a usb and I'm here
it does have the potential to be better than battlegrounds, just needs a little love and attention lol... We can stir it up again lol but we probably get the same response... 🤷♂️ never hurts to be persistent tho
yeah
I think we'll always get the same answer
I have no idea why THM doesn't pay attention to KoTH... But surely with more attention and love, it will become much superior to battlegrounds
because there are enough players to play koth, there is already a koth community where people love the style of play, THM just needs to pay attention to koth and it will certainly become much better and superior
never know tho.... maybe they get tired of hearing us and end up giving it a chance. or maybe we come up with some ideas for KOTH to generate some kind of revenue for thm and maybe they'll take it into consideration.
I offer to make a machine without getting anything in return, no money, I wanted to do it just because I like the koth style of play
Yes maybe
many of my friends don't play koth because the machines are the same and tryhackme never supports updates
koth is very famous, many people like this style, if you pay more attention, it will definitely become much superior
maybe even something like new machines for subscribed players.. I mean we could hype it up with tournaments and other events around koth. that might drive more people to want to play also
we just need a chance
yes that is also a great idea
but without a doubt I would definitely make a new koth machine, and certainly other players who love the game style would do the same thing
we could always just make some private ones lol ... and test them with certain players. Once it gets perfected then maybe we can turn it in and 🤞 it gets reviewed
many famous people have already played koth and they all loved it, including john hammond, maybe if there was a new update, or something like that, if THM paid more attention to KoTH and so on... People would come back and play KoTH again (even so, MANY people play koth daily) and creating new content, new techniques, etc... would be really cool.
1 person spin up the box and share the ip between the players while we test...
yes, that's a good idea
Yeah
This spin box idea, I liked it hahaha
Ready
THM just needs to give attention and more support to koth...
Damn
Only intermediate and advanced experienced leveled users can play King of the Hill.
yea. you want to choose which box? or public game?
Yes
I'm lvl 9
Ez fix. go into your profile settings in thm and scroll down you should be able to change your experience level
ah thanks
np
Want to go voice chat
Who knows, maybe one day they will give us attention, support or listen to ideas from players and the Koth community... @broken pilot
just wait, wait and wait...
they jumped in last time we stirred it up lol
ahh cant right now
you've never played before right? so im going to pick an easy box and ill send the link
Sure
are you ready now? if so i can set the game to start in 5 mins?
I am ready
I see you are already in a game that is about to end
no rush but I am ready when you are
are you connected to the vpn? and i forgot im not subscribed so i cant choose the boxes lol my bad
ill start a new public game
I am connected to the vpn
I am subscribed I can make the room
Here is the link
mind if i dm?
I dont mind
ok, i'll wait until you put your name into king.txt before i start to take king. I will step up the techniques every time you manage to take back king, to make it fun 😉
I found a support page, pretty sure I can inject a payload there
For ssh bruteforce which method do you prefer?
I was going to go with metasploit auxiliary/scanner/ssh/ssh_login
But I heard you can also use hydra ?
I have only used hydra on login forms; is there also a syntax for ssh?
If yes, that would be way quicker than going through all the steps of metasploit.
Or do you use another method?
i am not sure if you can change the number of threads in the msf module. All I can say is that hydra is pretty fast and yes you can use it to bruteforce ssh. hydra -l user -P /path/to/wordlist ip ssh
but for koth usually you don't need to bruteforce
A great instructor once told me "SSH is generally not the way" 
This koth guy sure is popular!
He has a whole list of rooms dedicated to him.
:3 when can I meet them?
He exists only in our hearts.
🧐
Are you also a friend of Koth?
Oh yes lol
Hmmmm
https://tryhackme.com/games/koth/join/5a8cbc8732b9a58c42a1d23f starts in 10 mins
no one has scored king points in 12 hrs?... or the past 62 games ? 
I guess the koth service is down. no one can set king since 12 hours ago...The games start normally but they are not registered. I've tried this also in private games. The same issue. If you write your name in king.txt, it gets ignored 🙂
challenge accepted lol
Yes lol, this happened to me when I was playing a little earlier, I was on king but the points didn't count...
only flags points are counted 🙂
I was looking, port 9999 is working normally, but the king's points don't count on the THM platform
Maybe it's a bug on the thm website
i think its on the scoring side like reading 9999 because koth service running and reporting the name on port 9999
there is no connection on 9999. so I guess the backend machine where koth service is hosted is down
yeah maybe
It's been like this for more than 10 hours
just filled a feedback form
@short tusk sorry for the ping but are you guys aware of this already? ^^
Let me check 👍
Is this in every room or just one? @broken pilot @young bramble @steep agate
every game
Okay thanks
no problem
In all games
every koth game, including private ones
last king
I’ve reported the issue, sorry for the inconvenience:)
Ty
We're investigating the KoTH issues,
Sorry for the inconvenience
This issue has been resolved, thank you for your patience
thank you
hi
You have left at least one way onto the machine, right? 😁
ig we can patch the priv to king according to rules right !!
You still have to let people be able to access the box
you can access.
i left the id_rsa and all other way to get in into the box as it is. Xd.
i just patched priv.
Mhhm but you can't just deny them access to root, you didn't do that right?
whats the point of patching the foothold as well.
nope.
What do you mean by you patched 'priv'?
if you need i can share the game's ip to you.
suid's.
I have trust 😄
Amateurs I’ll be hopping on the battle ground later today ;3
When you play HBG, please DM me 🙂
i was playing bg for quite a long time now.
2v2 ?
yeah
Htb battle grounds? That's what I usually do. I haven't been on thm for a long time but still give it a visit every once in a while, primarily stick with proving grounds
You can dm me whenever you wanna play been looking for a bud to do battle grounds or koth with been years the group of people I used to play with every day just went their own ways
i'm a beginner and i wanna try some KOTH, but i tried it once and had a big issue
I was completely clueless on what I could do to breach the machine, and at the end of it there wasn't any sort of feedback to help me see what I did wrong
It was a while back and I don't remember what all I tried on the machine
What tips could you give a beginner before they go to KOTH
I think all the rooms in koth are available as normal ctf rooms. Start solving them and you should get more idea as you go
Lots of enumeration
I can help you later today if you want we can do some koth and I can walk you through some basic methodology
WHAT? HAHAHAHAHAHA
and now two king, lmao
The only one who actually can compete with @steep agate is @steep agate 🙌
why are you breaking koth service or even running rm -rf ? when you can't get the king back
don't be a skid
@steep agate How do you persistence? pspy didn’t find anything useful.
Hello, what do you mean by: privilege maintenance?
Did you mean persistence?
yes
Oh yes, it's my persistence, you can find one of them using pspy yes...
script for setup persistence/backdoor
but other than that, I don't think pspy will catch the rest
lol.
@proud moth @civic vortex really? who created the second account to impersonate me?
maybe the one who removed koth service
not sure who needs to play this way ...
?
i was gone after c:\ shares was disabled. lol.
Every KOTH game I've seen has that same scoreboard lmao
One person gets in at ~10m or less then just maintains dominance
I saw your game against pw1 right after I said that lmao
Also I'd 100% be the flat line at the bottom 
Haven't seen me play yet? 😜
Stealthy person
bro's a god
@steep agate got nyaned
man spent the whole time on hackers room trying to crack the password in hydra
Should only be a few min to crack, happy to help if you want, feel free to DM me, can do private game also if you want to practice again
Oh no I thought maybe it was you, because most you need like 5 minutes to get inside the machine
most times*
but I'm already on the machine haha
Did u patch file upload..?
but I don't know who clicked reset, if it wasn't you, maybe it was that other player
no
Oh huh
I don't usually give patches, only with certain people...
Oh yep now I see that you're on the machine
anyone up for a KOTH?
nice nyan
hello guys does any one know how to get a nyancat executable binary to use in koth because im using mac m2 so my processor architecture is arm64
@steep agate how to do your nyan thing
just compile nyancat with --static flag
or, you can download this and use in KoTH boxes; https://github.com/MatheuZSecurity/D3m0n1z3dShell/raw/main/static-binaries/troll/nyancat
thnx bro ❤️
is it a bug with a room not working properly? if so #room-bugs
if it's a vulnerability that is a security risk email support
a machine or the page itself?
if machine it's still #room-bugs
if the page itself #site-bugs
i've rolled my query at #site-bugs
thanks for letting me know. @willow raptor
sounds good, happy to help
how can we tell if every possible vulnerability was patched
theres literally no other way into the machine
tried AJP, the ssh key, file uploads,ftp,etc..
@steep agate how do you run ncat on anyone who runs chattr, even if he downloads it and runs it in any other dir? how did you do that?
you know you can find and replace a binary file right?
yes
and you can find it by a hash of the content or the filename
or even just some unique symbol in the file
therefore it doesnt matter where you put your chattr because he can still find it
you would either need to obfuscate the binary and randomize the filename or just use the syscalls for setting the immutable bit for ext filesystems
but you shouldnt reuse filenames or binaries as if he finds them once by chance he can certainly track them down after that fast
this still doesnt make it impossible to track your chattr binary but at least a bit harder
lol.
you can teach me rather than lol.
Do I need my own VM to participate in KOTH?
I think attack box works, might need to open from another tab/window ... But should be able to access game IP
yeah it did, thanks
Never tried that.. nice will try that 😅
.
Somebody wanna play?
@lavish crystal here
@steep moss bro dont shutdown the box. !!
that's not how we play koth. Xd.
Yes, ShaRif. If you read the rules, the first one tells you not to do a reboot/shutdown
@steep agate the koth you just played (offline) did u get in with the CVE-2002-2443
Is the best way to play koth is to jump right in with the knowledge you know?
thats what i did
Might have to try that out
where is naughty and holmes
RIP me gg @steep agate
well yeah but requires a good knowledge in defense
@steep moss nice one, no one reported you?
LOL, is it a kid? 😂
nah he said he's a "junior pentester"
It's not the first time this happens, it's happened to several other players, and every game he plays he does this, I've DM'd him on Instagram, I asked him to stop, I told him it was against the rules, but he keeps doing it same
Anyway, I don't think there is any more staff or anyone to report to, the report email takes a while to be responded to and most of the time it doesn't result in anything other than an alert and even once it receives an alert it continues to do the same
yeah I'll just ignore him for now, he cant win even with "try hard"
Hey,
Please report them via the ticketing system on the website.
Attacking users in the Discord server is not tolerated.
okay, thanks for advice
...
How can you be king when even nmap and gobuster have not completed their scan???
Lots of 0xG0D do C2 for pwned servers... it will not be interesting to play anymore...
for me the mission is to check vuln for that room and the bonus to be king.
Why not you @lavish crystal vs @steep agate vs @steep moss play, and let the others play farewell
@dire shell thanks for helping me secure the king 
👀
and it tells you not to use any script but everyone does so...
Not everyone uses script... most use persistence script (I think), but I see that some specific players use autopwn... and also delete binaries on purpose
Like you do ? 😅
I don't do that, whoever plays with me knows 😄
KoTH has a public game mode, normally intermediate/advanced players play, anyone can play against whoever they want, if you want to play against specific players, you can create a private match
the main objective is to defend the king, so some players use advanced resources to defend
Yupz... Some people learn to check the vuln but others use scripts to gain access.
nmap does not give the result yet but the machine was pwned.
Well, as I have been playing koth for a while now, I have closely observed many players, and I can say that most of them reuse ssh credentials/keys, as there are only 15 machines, most of the vulnerabilities are also old and can be exploited using metasploit as well
There are few players I have observed that use autopwn
But the real challenge is defending the king, you learn a lot of new things from other players and by researching too...
It was thanks to koth that I became very interested in rootkits
Yups. I know THM from watching John Hammond play KoTH on YT, and that's cool for me as a noob
If it's like John's video, I think for beginners it would be cool to play private games with friends first, and then play in public to get used to it.
4 minutes to run
Let's play farewell
what do u mean by autopwn?
They have a bot to get into the machine
or C2 Server
They just have a script that auto-exploits the known methods onto the box
It is against the rules and will result in a ban.
like autopwn-suite or more specific tools for koth?
more specific tools
bruh
in short, a script that explores the machine without you having to do anything: just execute it, and it already gives you root access to the machine and automatically fixes the machine's vulnerabilities
and this results in ban
add -Pn
yeah but why is it blocking without it?
idk
kk
so what's forbidden and what's not for scripts?
autopwn is okay, but the others?
I don't want to be banned for doing something fishy
what does "harden the machine" mean?
make the system more "secure"
GG
GG Bro ... you are the legend
gg
any idea why I couldn't interact with the box?
is it happening sometimes for u too or am I just cursed?
especially for koth and especially on some machines, I recommend you use rustscan, it's much faster
I did see it in some CTF writeups but never tried it
but if nmap can't ping the machine I guess it would be the same for rustscan?
well, I like to use rustscan in CTF's
Hey ... did you patch the vuln?
no
from which level can we play koth?
my mate wants to play but it says "only intermediate and advanced experienced level players can access"
yup just found it thx
you can go to "Experience Level" and change
Then how come your name can't be edited?
are you using a loop script?
GG bro nice game
I can't believe it
I'm in a private game and again, can't even interact with the machine
I can't nmap nor SSH to it
nothing
maybe problem with your vpn
Okay, just to be sure: am I allowed to use scripts to patch vulns?
Not autopwn or anything else, I gain access normally but use scripts to patch vulns
is it normal if I get disconnected from a user shell?
I was looking for flags and got disconnected from the shell, I'm trying to get back on it but nothing...
I guess it's time to sleep...
The formatting is messed up
You're missing a bunch of newlines there
really?! like what?
I didn't really use it, so I was referring to a writeup on HTB
Mk0, if the file is encrypted, do you need to break a pw to decrypt it? Maybe ssh2john on the hash and then supply a wordlist?
Try creating an encrypted RSA key yourself and see what the format should be. You can then compare that with the one you have there. Should be pretty easy to fix after that.
You mean... exactly what they tried to do in the screenshot about 5 messages back in the chat?
Ahh I didn't see that that far back
in fact it was you, you can see on the dashboard who was the first to score flags (see the timetable too)
flags or root?
detail: when I entered the machine you were already rooted and using /boot/koth.sh to protect king, so I just used my LKM and became king
idk what's the meaning of "firsthacked"
but I was not root
I was in fact in a bash something
but not root
idk koth very well
you ran koth.sh to defend, but the king timer hadn't reached 1 minute yet, so I loaded my LKM and replaced your nickname with mine
you were supposed to be king at 20:22, but when I loaded my LKM, I was the king
hehe
No, I logged in 4 or 5 minutes after starting and you had already scored a flag and were already root haha
I'm reading ur github repo
I didn't think there were such mystical techniques to defend
I'm so lost on windows
Fortune box is broken (for me) because I got the creds and can't SSH with them
Or maybe I'm doing something wrong, but I extracted the creds.txt file 3 times to be sure I got the right password, used it on SSH and got it wrong...
Reasonable chance someone changed the password before you extracted the file
I built that machine years ago. The autogen has never failed before. Chances of it spontaneously starting to fail now are slim
At that time I was the only one on the shell, that's why I forgot about this idea
But yeah I thought about it at first cuz I do it too 👀
How do you know that?
This explains why sometimes on machines like Hogwarts/Fortune, when you get the passwords, they don't work (rarely, not all the time, for me)
Hm?
I was against another guy who didn't get any flag all the game
Well now that's interesting
If that happens again, do us a favour and grab both the hash from /etc/shadow and the plaintext credential for me please?
There's nothing I can do to amend the machine unfortunately, but might be able to figure out if there's an issue technically
(btw are u planning on adding new machines for koth?)
@terse willow sorry in advance for the ping
That's something only staff can do, and I have been out of the loop a while now.
To the best of my knowledge the answer to that question is no, but things may have changed in the last 18 months for all I know 🤷♂️
Okay np thank u
Still the same answer, not long ago we asked this same question
The project was effectively abandoned years ago.
Again, whether that's still the case or not, I couldn't comment
Well, it's really a shame, because it's an incredible project
But I still hope that one day we will have new machines 🙏
anyone wanna do koth with me?
if I get root, patch the vuln, change the root password and protect the king (delete chattr etc...), except for an LKM how can someone get the king back?
If they have persistence, they can remove/undo your protections on king file. Or simply have a faster write on king file than your method.
What kind of persistence? I don't really see how am I supposed to do that on a koth machine. And I don't understand the "faster write" part
You should read on persistence.
Basically, if someone got in first, and setup some back doors, then setup a script to write their name in the king file.
Now regardless of if you change the password, or patch anything/everything, they still have that backdoor to get in the machine.
About faster write, that basically comes down to the efficiency and speed of the method you are using to write into the king file. For example, there could be better ways, but in most cases, running a Python script to open the king file and write your name into it would be slower than, say, a compiled C binary that does the same thing.
Yeah I know about persistence, just wondering about this case because I'm pretty sure I got in first and in the rules it says no scripts for autopwn... persistence is okay? And the machine IP resets every time, so I guess a persistence can't be on the machine every time, but maybe I'm wrong, I'm still learning koth (I do pentest but never did this kind of thing). Idk if I'm clear because English is not my native language, I'm doing my best 🙂
And for the faster write part, I recently wrote a custom shell script to write my name in king.txt, chattr it and remove its binary, and then change passwords. But if I'm the first to get in, except for LKM (I have to look into that, it's pretty cool) I don't fully understand how some people keep getting access despite my defense 🫠
The case I'm talking about is I got access to root and became king, waited for like 10 mins and then the king changed, I couldn't write in it (permission denied) and then I got kicked out of my shell and couldn't get back in
Okay, so one thing at a time.
- Persistence is okay, and in rules, it is actually part of the game.
- You have to set up persistence every time in a new machine, but it is irrelevant to the machine IP. For example, a script that in the background sends my IP a rev shell every 2 minutes does not need the machine IP in it. This is a very basic example and probably won't work against advanced players.
- You need to understand that even if you delete the chattr file, people can upload their own under other names and use them instead.
Also, it's a competitive game, meaning people will continue to change the king file and you'll have to defend it every second; your script needs to be hidden enough that others can't just kill the process from ps aux.
Most likely someone uploaded their own chattr or used other file I/O methods to change the file permissions on king file.
Wow okay, I didn't know that, and I didn't think about the fact that they can just upload another chattr. It means that I should find a way to block the upload 🫠
And I didn't think about killing the process either
Thanks a lot for ur answers, I'll read some docs about it (and if u have some, or advice for me, my DMs are open)
https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks @violet zealot
maybe this repository will help you with koth
yep already did it thw, now I'm reading demonizedshell
there is sooo much to understand and learn
Nice resource, thx u
I'm on Hogwarts and my nmap says SSH on port 7958 but I couldn't SSH to it
for those that want to join the fun, starts in about 5 min: https://tryhackme.com/games/koth/join/e6bf629d8cf5f68818f267bd
On the Windows machine, where am I supposed to find or write the king file?
it's been like 10-15 mins I'm root but can't figure it out
and for some reason my shell died
wtf is that
nobody became king and I got all the flags in 1st
and he's using multiple accounts 🤡
👋
Do you have the game links?
i think
I didn't save it, can I find it somewhere?
It'll be in your search history
I can't find it
Are you on the same browser/ machine you completed the game on?
yep
oh i think i got it
This has come up in discussions internally as CEs, hopefully yes, but I can't give an ETA on this. But we've talked about it 🙂
KoTH is definitely overdue some more machines being added
cc @terse willow @steep agate
Nice! I'm happy with this news, if I can help with anything, let me know too
Sure! I'll keep a note of your interest if we progress with anything. But yeah, not a definite 100%, or if so, when...but fingers crossed!
I hope everything goes well, KoTH is loved by many players, but certainly many are already happy with this news including me, I will do what I can to help, if you need any help, you can count on me 🙂
Same here
Hi sorry, I didn’t respond yesterday.
That user has received a warning for using multiple accounts on KoTH. Sorry for the inconvenience 🙂
lmao I don't understand how the victory system works
Looks like it's alphabetical
In fact it is not like that. For example, mk0 must have entered the match first, then mascoo, so the system counts the victory for whoever entered last. If no one marked any flag and no one was king, the system gives the victory to whoever entered last. I watched this for a while
damn
Hey bro, I lost the king to you last time we played, and I remember you said you were using an LKM rootkit. I started to learn about that; can you guide me to resources for reading and writing a file? I was able to follow a YT video for abusing the kill signal, but I am so lame and need something to learn from about it
search how to intercept syscalls
I'm trying to write that too
- resources for LKM rootkits
https://sysprog21.github.io/lkmpg/#what-is-a-kernel-module
https://blog.sourcerer.io/writing-a-simple-linux-kernel-module-d9dc3762c234
https://github.com/xcellerator/linux_kernel_hacking
https://xcellerator.github.io/posts/linux_rootkits_02/
https://syscalls64.paolostivanin.com/
https://github.com/m0nad/Diamorphine/blob/master/diamorphine.c
I know a little about syscalls, like when we pwn a buffer overflow, but I have no idea about r/w on a file
Just as mk0 sent the links to learn more about LKM, I highly recommend that you check out xcellerator in particular, it is very good
Ty. On the way on it..
@violet zealot gg man, nice new websites xd
was it telnet?
yee
rce in cmd parameter
oh so 3000 wasn't your custom port?
nope
ohhh, I didn't find it in my first scan
nodejs server running on port 3000
yep, found it in the second try
This guy is spamming reset
@fossil pecan lkm script?
There are a couple clever ways around that version, feel free to DM me if you have specific questions or want to test in a practice match
thx that's cool, imma do that like tomorrow if it's okay for u
Gave +1 Rep to @fossil pecan (current: #100 - 63)
Playing koth for the first time!
GG! @violet zealot
yeah i instantly accepted the loss
Wow.... did you get the king from @steep agate? GG bro ... I still struggle with LKM rootkits 😅
It's because he was already king, and as I had the link to join the game, I joined and started playing haha
no no I was the king and then matheuz got it with his LKM
that's how u join games after the start
@steep agate if u and f11snipe both use an LKM, can u bypass each other's defense, or is it the first root who wins?
wait u can play multiple games at the same time?!
Link to join the match
yup
The idea of F11snipe's LKM and mine is practically the same, but with different techniques, I'm too lazy to improve my LKM just for koth haha
btw, and there are still compatibility issues with the kernel, as most koth machines have an older kernel... which causes a lot of conflict with different techniques
I wrote a script that could maybe do the job, but I'm actually trying to fix compiling issues
Good day everyone! How do I find KoTH players??
It's my first time even hearing about it and it seemed interesting
oh there's an invite link
https://tryhackme.com/games/koth/join/7d041a47a69c287b8c50c350
Just start a public game and wait, u will match someone
won on 2nd attempt!
Nice! I forgot (afk) I was at the match completely, I went out to shower and have dinner haha, I returned to the game with 4 minutes left
if you can real duel, join here https://tryhackme.com/games/koth/join/8bb8afc3a34fbb2799d32737 @north wolf
hehe
i can type now 🥳
you guys have access to the box?
it isn't updating at all WTH!?
It's been like more than 5 min. 😐
still I could verify it's my username and another minute passed
this is cheating man 😩
did they kill the king-checking service????
because if they did, that is indeed cheating and against the rules
and I couldn't even find the koth binary within /root
will he get banned now?
funny that it's still my username lol
@short tusk seems someone needs checking in on following the rules about koth as they might have killed the king service
You need to submit a ticket to customer service
how do I do it?
Press the bubble in the bottom right corner and speak to the chat bot about reporting a user in KoTH
done, thanks
check the mount command @north wolf
anyone online wanna do koth?
now, even if they do it:
http_response:
HTTP/1.1 200 OK
Content-Length: 10
Content-Type: text/plain; charset=utf-8
profxadke
kingo.sh:
#!/bin/bash
while :; do cat http_response | nc -lnvp 9999; done
done!
there’s a one liner to achieve “read only file system”
mount --bind -o ro /<location>/ /root/king.txt
yeah but this is easier to undo
Oh, you probably got this from my koth repository, or from @jovial field haha
this is very easy to undo
yeah
yep haha
cool, thanks for the one liner
Hi, I tried to do the Kung Fu Panda KoTH, but I'm not sure how I could get into the system.
I tried brute forcing the SSH password.
I tried looking for videos, but none of them showed good solutions.
Thank you.
if i remember correctly it's either an lfi or a rce
let me check my notes real quick
nvm it's related to WordPress, u have to find the right path, then bruteforce it with something like wpscan and then get a PHP reverse shell (dw u will find where)
oh ok. thank you.
I think koth rooms have multiple vulns to gain access to the box
yuups, but the competition can patch services
Yea, they can even do rootkits.
yeah you can do a decently big amount of things in koth but some good rules are also established
The carnage machine doesn't have it by default, best to bring your own to most games, can use BusyBox or make your own wrapper around ioctl
Feel free to DM me if you wanna chat more, can play practice matches sometime also if you're up for it
Good game @fossil pecan - I need to say that you locking king.txt in many ways was the hardest thing to deal with in this game
whos the wise guy LOL
Are you allowed to use chattr binary to lock the king.txt file? The rules say "Don't modify flags or their permissions" but under tips and tricks it says "King.txt file locked? - A user might have used the chattr binary to stop even a root user editing the file." implying that's not against the rules? So I'm not sure if that's allowed or not
I think the king file is game, but flag.txt is not
thats how I have played anyway.
Alright.
chattr is also not in all the levels. if you are going to use it, bring your own binary
I need more practice. someone got me with a wall bomb lol.
Thought you're not allowed to attack other users
you are on the box
you should not attack them on their own machines
granted I am not sure how that's defined exactly, i.e. is it kosher/allowed to terminate their shell and boot them?
idk what you mean with boot them but killing shells is allowed
yeah, part of the game is yeeting the "bad actor" out of the system
yes but you don't want to spam someone with killing shells (automated f.i.)
because this is just not fun to play with
yeah there's a rule: no automated scripts
I mean like using ps and kill to close their shell manually
sure but don't spam kill every time you see someone enter the machine
Everyone should have a chance
This also applies to not patching the whole machine
leave at least one entry point
eh, I thought patching the whole machine wasn't against the rules
it isn't but this is just common sense
For good sportsmanship/rule of fun, I agree though
yeah
I imagine finding a way to install/setup a backdoor is a smart choice because it'll make it harder for the other users to keep you out
I mean you don't want to be completely dominated by someone like f11snipe or matheuz. And just like that, let lower-skill players play and learn
Yep
yeah definitely
most players are doing exactly that
I do wish you could do a practice run on a KOTH machine, like a match with just you so you can practice compromising the machine
I think there are like one or two machines where you can do that
matchmaking would be nice too. kinda sucks going into a room with someone who has done the room a billion times
yeah but the real fight is over control of the king file
getting into the machine is easy especially if you have done it before
Makes me wish procedurally generated VMs were a thing
there are several sneaky tricks out there with different levels of complexity.
so you could have randomized KOTH boxes so it's always a fresh experience
well I think hogwarts got some random elements
but it is still easy
hogwarts is weird lol...I was super high last night, and thought hogwarts was different the two times I plated it...nice to have confirmation lol
played*
@fossil pecan am I barking up the wrong tree with trying to buffer overflow
@viscid torrent check dm, pls if you can
yes
there is no koth machine that contains a buffer overflow that I know of
thanks terraminator
@fossil pecan good game friend. you got me by 3 minutes I locked myself out of one of the vulns and can't find the other one.
Want to get into koths but don't know if I'm at a high enough skill level. What do you recommend knowing for them? I've completed the intro to cyber security and the jr pentest learning paths as well as a variety of other rooms
just jump in dude. you won't know unless you try it out
yeah just have fun
I thought I had @jovial field on that one...but nope
xD
gg you made me use one of my best tactics ( and no it is not a rootkit)
and bro, cheating and getting a root shell and removing binaries like cd, ls... looping a wall command ain't gonna make you anything other than a script baby @muted gyro
If they're cheating, use a method to report cheaters.
that's shit of them to do that lol
anyone wants to play?
Are we allowed to use TheFatRat to install a backdoor on the machine or is that too malware-y
Is it malware or is it a backdoor
Some sort of rootkit that puts in a backdoor,
description on github says "This tool compiles a malware with popular payload" so I don't really know what the heck it is
https://github.com/screetsec/TheFatRat here's the github page if you want to see, it's got some killer ASCII art, at least.
Seems like some tool that uses Metasploit or something to create a rootkit/backdoor, dunno if that would be too cheesy for KOTH. (mouse-related pun not intended). The "guide to koth" blog post at least mentions rootkits are allowed for persistence
Upon further research it looks like it's mostly just a tool to automate msfvenom to create a backdoor, which I believe is part of Metasploit. Either way I thought I'd ask if something like that is allowed just to double check.
You'd better use or create your own rootkit to stay hidden in the system
Do players often use rootkits in KOTH?
with a backdoor, any user can take you down and leave your backdoor inoperable
no, most don't
I know like one tips for KOTH guide on github said something like "Rootkits are allowed but are considered unsporting, a good rootkit user is virtually impossible to stop once they set it" etc
what? There are no rules for this...
The use of backdoors/rootkits is allowed, as long as you do not break the machine or leave it inaccessible
Yeah, I'm saying like a tips guide on github (an unofficial one) was saying they're unfun to play against and the author of the guide dislikes people who spam them on public games
I think it's fun when there's a rootkit on the machine, at least for me, because it forces you to research more and understand more things you didn't know about. Thanks to that I'm about to publish research on how we can "defuse" an invisible rootkit
Gave +1 Rep to @rose folio (current: #2040 - 1)