#koth
one of the admins/dev not the main creator/founder
are linux kernels all the same version on koth?
no
```
-- Debian kernel(s)
----------------------------------
carnage: 3.16.0-6-amd64
----------------------------------
-- CentOS/Rhel kernels
----------------------------------
panda: 3.10.0-862.el7.x86_64
shrek: 3.10.0-862.el7.x86_64
tyler: 3.10.0-1062.18.1.el7.x86_64
----------------------------------
-- Ubuntu 16 kernels
----------------------------------
lion: 4.4.0-87-generic
hogwarts: 4.4.0-1112-aws
spacejam: 4.4.0-142-generic
----------------------------------
-- Ubuntu 18 kernels
----------------------------------
production: 4.15.0-91-generic
h1-easy: 4.15.0.135-generic
food: 4.15.0-91-generic
fortune: 4.15.0-96-generic
hackers: 4.15.0-99-generic
----------------------------------
-- Ubuntu 20 kernels
----------------------------------
h1-hard: 5.4.0-1037-aws
```
wow ty
Gave +1 Rep to @steep agate (current: #133 - 50)
Lynx.
so u had to adapt ur lkm for every machine?
Just build it using the appropriate headers.
And do some preprocessor ifdefs to handle older kernel versions which do not support the regs convention ig
yeah, and it's very tiring
No bro, if you compile an LKM for a kernel version, for example 4.4.0-186-generic, and you try to load the LKM that you compiled for that version on version 4.4.0-142-generic, it will no longer work
Remember that most koth machines do not have make installed
that's why u have to upload ur own, like chattr etc
Didn't have VPN setup last time, first config didn't work for some reason. but 2nd one did.
lets see how i do this time https://tryhackme.com/games/koth/98808
learned 2 things doing the last one
need some help for this one?
try telnet on port 9999
i wonder how this dude gets points with 0 flags
? telnet on 9999? lol
I nmap'd it a few times, but only with --top-ports 50
port 9999 is where the king/KoTH service is hosted, every 1 minute if your nickname is within king.txt 10 points will be counted
my bad, 3333
telnet ip 3333
Scanning 10.10.20x.x [100 ports]
?
are you playing ? or are you supporting spraykatzz?
Oh no haha, forgot I joined another one
I found a zip file
zip2john
^ or fcrackzip
kinda a pain if you don't know whether higher tier players lock everything :S
there's no one called "higher tier players" 🤣
no
Why not just use netcat? 👀
Pwncat-cs FTW.
im noob sir
Learn netcat, it’s a very useful tool
i use it for reverse, didnt know i can do telnet with it
I’d say learn how sockets and protocols work over them too.
teach me senpai
No thank you
Gave +1 Rep to @brisk stump (current: #2080 - 1)
any link you would share 🙂 ?
me 
starts in 20 mins
so lost in the sauce with this koth, just did my first one and only found the flags
I hope you enjoy this, KoTH has been one of the most exciting learning experiences I've had which laid a foundation to where I am today
It's okay to be lost in the sauce. There's some very talented people that play KoTH and are normally open to answering questions/give guidance on the approach they took.
Warning: it’s addictive
any beginner here wants to play?
imagine complaining about popping urandom on a shell and then killing shells... @young bramble
so i take back ur word : really?
I don't quite understand why players concentrate on other people's sessions instead of the king.txt. You were doing quite fine protecting king.txt, there was no need to spam my terminal with urandom. I wouldn't do it unprovoked. I never kill other people's shells unless they ask for it. Great game BTW. I'm impressed. You made me rethink my notes on Carnage
and btw, using commands without relative or absolute path makes your scripts vulnerable ... in your case it was enough to add an alias for hostname="kill -9 $PPID" in your .bashrc and this is why your session was killed
and as i said i was just trying it, and killed it right after 
it's a bit extreme to respond to it by killing shells the whole game
didn't understand this part
I will check the pspy log more carefully but I know the urandom didn't stop until I killed the cat process myself from another shell
as I've said I added an alias replacing the command 'hostname' with killing the parent process. I don't know if you executed hostname manually or the pwncat stabilize was doing it. I've just seen it on pspy and took advantage of it. Technically you were killing your own shells
there... you were on pts/4 on a real terminal. If you would have been pressing Ctrl+C faster than me killing it ... anyway sorry for not seeing you writing on one of my terminals (pts/1) that you were "just testing" ... on me
just use ssh with -T
for enter in ssh without TTY
and the problem with urandom will be """"resolved""""
really "resolved"? 🙂
but, if you have a reverse shell, and don't have an interactive shell, just for example with "/bin/bash -i" , you can't, in some cases 😎 @young bramble
No such file or device 😳
Yes, reverse connections to C2 cannot be spammed with urandom so you're "safe", But the idea was to not mess with other users terminals because this can degenerate really fast and end up with while loops writing on all terminals 😄... Then it will be no fun playing even for other unsuspecting players.
In fact, you're not even safe with C2 and reverse shells, I know another really cool trick haha
flooding the c2 ?
it would be against the rules
every time i try it doesn't work
so i gave up lmao
Now, are you safe HEHEHEHEH @young bramble
damn that's magic.. 2 windows antiviruses on linux without wine
It has nothing to do with C2 flooding 🙂
No either haha, there are tricks that I will never reveal 😄
Good. Powerful tricks are dangerous. And in the wrong hands can create chaos 😄 Or script kiddies will brag how good they are... with your work.
for me worked everytime... I always keep one -T ... how did you try ?
ssh root@ip -T
Yeah, that's why I might never reveal LKM's tricks haha, oh other than the research I did, which I'll publish later, on how to "defeat" LKM rootkits
worked against @fossil pecan
hahaha
it's correct
It works for me too, it's strange that it doesn't work for him 🤔
maybe it didn't work because I was periodically changing passwords for all users and rewriting ssh keys, or maybe root login is disabled in sshd config... I've seen only a few koth machines with root login enabled
never encountered that
did u do it manually or implement it in ur script?
and no it didn't work for me multiple times, not only on this game
I mean technically isn’t everything “not safe” if you have an LKM 🤣 You’re basically an extension of the kernel, no?
kernel extension? what?
LKM = Linux Kernel Module right?
They extend the functionality of the kernel, giving you access between Ring 0 and Ring 1, right?
then you compile, now just load for example "something.ko"
ring0
kernel mode
But with how they’re executed, if you can hook a write() you could technically hook fork(), exec(), socket(), init_module(), etc
Right?
This is very weak in terms of hooking other syscalls
But possible or nah?
Well, you can try haha
Unfortunately don’t have the spare time currently, but from the article @fossil pecan sent me on LKM rootkits you can hook almost any system call from an LKM with the right knowledge
yeah
A very good article to learn from is xcellerator
I also know what syscalls @fossil pecan hook haha, very smart
If you know what to do hooking, how to implement it and the logic, you will be very good.
That’s the one he sent me ^ I’m just wondering if the same logic applies to socket() and you can just negate someone’s system calls for their C2, or reverse shell
But with that same logic, couldn’t you hook init_module() to negate the loading of another LKM rootkit?
I've done this before, but it doesn't work, because if someone loads the LKM rootkit first, it becomes completely useless
That was my next question 🤣
🤣
I haven’t programmed in a long time, but I might have to look into this. Appreciate the discussion @frail estuary
Btw, it is also not possible to revert the changes, unless you do a reboot (which is against koth rules)
Oh, i understand
You mind dropping the actual GitHub link? I wanna bookmark it and read it after work
Maybe later I'll make it available, I think I'll reuse this and leave it in the repository I made and left private, based on research I did on lkm rootkits
Gotcha, wasn’t sure if it was a page you were referencing or your own work. I understand
Oh, it's my github, I have a lot of things I did that are private there
I believe it man, you definitely got a good head on your shoulders
Hooking init_module? :Dd
A curiosity: if someone hooks init, it can break the protection using finit, if in doubt, you hook both 🤣
Do you know finit? @keen remnant
Its almost the same i just looked at it. Im sure you can hook both
Just takes file descriptor instead
Yeah, so if someone hooks init_module, you can bypass this using finit_module
Exactly :Dd
Is that what you were using?
Just curious if you have some other insane method 😄
Also mind if i dm?
Everything ok, feel free to send a message in DM
come to butthead
?
come get some
come get some... more
yes it is. unless it's a patch
Patch the machines vulnerabilities to maintain your access
crap... domo i used a DoS by accident
it was a cve for the web server
slowloris
it slows him down...considerably
they booted me for it
i wont do it again THM sorry
which port did he close?
i can still access the webpage
gg
sloppy but good
how long does it take to get the King badge, after winning?
does it need to be a full room? there were 6 people in the room and i still haven't gotten the badge
this was the game
yup
ah too bad, i didn't know you had to create the king.txt file in /root to be king i was just searching for a txt file named king :/
idk why hogwarts has this thing, it's the only machine that doesn't have the file in /root/king.txt
you got to make it yourself
And can someone with data knowledge on this subject explain the situation to me?
check lsattr /root/king.txt
maybe someone protected king.txt with chattr
lsattr /root/king.txt
----ia--------e--- /root/king.txt
oh thats true
I'm root but why am I not permitted?
now you can undo this using chattr -ia /root/king.txt
because chattr directly changes the attributes of a file, making it immutable
When I type id, I see that I have root authority, but on the other hand, when I run the sudo su command, it asks for the password of the serv3 user. Why do I not have full authority in the system even though I am a root user?
only your 'euid' is root, to change the password it is necessary that at least your uid and gid are root too
try putting your public ssh key in /root/.ssh/authorized_keys, so that you can log in to the root user with ssh
Well, I somehow gained privilege in the system and rooted my euid value, but is there a way to root my gid value at the same time, or is there no access to this in koth games?
ah okay, is this the solution to the problem? I have solved it now
I wanted to say If I log in via ssh, will all my identity values be root?
There are countless ways to escalate privileges on this H1 Easy machine, try to find a way yourself, if I tell you it won't be funny hehe
If the user you log in to via ssh is root, yes
Okay but what other way could there be other than ssh? I'm just asking to improve and learn.
Hello, what rooms would you guys recommend for starting with KOTH
There isn't specific rooms you need before playing koth.
Maybe before starting playing koth find some ways online on how to protect king and that stuff...
and with time and experience from playing with other players you will learn a lot of things along the way
You shouldn't "learn tools", you should learn the concepts behind the tools
but for koth probably chattr and how it works and how mounting tricks work too
Like matheuz said only your euid is set to 0 (root). If you want to escalate your uid and gid you can do something like python -c 'import os; os.setuid(0); os.setgid(0); os.system("/bin/sh")'
I understand the problem exactly, I was typing "chmod u+s /bin/bash" into the file run by root and running "/bin/bash -p", but this was not enough to change the uid and gid values to root. Thanks anyway
Gave +1 Rep to @broken pilot (current: #83 - 77)
If you want to practice KOTH before you play you can try https://tryhackme.com/r/room/kothfoodctf or if you want to simulate playing against someone you can try https://tryhackme.com/r/room/redisl33t
Other than that I'd just jump in and learn on the fly
Yea what I just shared with you will change your gid and UID to 0 ....
You run that after your euid is set to root and you will have full root access...
Yes, that's right. I thought I would become root permanently when I set the suid bit and run /bin/bash, but that's not possible because suid bits only change the active user.
Thanks for reply btw
Thanks man
Gave +1 Rep to @broken pilot (current: #81 - 78)
Thanks, I was looking for someone to link me with chattr, forgot the name of it 😄
there are some ways to set your uid to 0, giving you full root if you only have euid=0. Trapnatized gave you a python method, I can give you a small C program that you can compile statically on your machine (because Easy machine does not have gcc) and upload it to easy and run it with euid=0 :
```
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void){
    /* with euid=0 the process has CAP_SETUID/CAP_SETGID, so these set the real ids to 0 too */
    if (setuid(0) != 0 || setgid(0) != 0) {
        perror("setuid/setgid");
        return 1;
    }
    seteuid(0);
    setegid(0);
    /* execvp expects a NULL-terminated argv array, not a bare NULL */
    char *argv[] = { "/bin/bash", NULL };
    execvp(argv[0], argv);
    perror("execvp");
    return 1;
}
```
If I run this script even when my euid value is 0, will my gid and uid values also have root privilege?
yes ( setuid(0) will set your uid and setgid(0) will set your gid )
but this is not a script. this is a C program source that you need to put in a file.c and compile it with gcc
Thanks, actually it would be easier to get a root shell directly with the reverse shell command instead of typing chmod u+s in the backup.sh file and becoming root thanks to the suid bit, but this is a nice alternative to have full root privileges, thank you again.
Gave +1 Rep to @young bramble (current: #2092 - 1)
I added suid bit to /bin/bash terminal with chmod u+s instead of writing reverse shell in backup.sh
so I only had a zero euid value
if you compile the above code and make the resulted binary suid root with chmod u+s and run it... it will give you full root
Yes, it's really true. Thanks again
but be careful, if you compile it on another machine with different libraries it won't run, and if you compile it with the -static directive it will be a bigger binary with the needed libraries included.. like 738 KB instead of 16
making /bin/bash suid root is not a good idea in a competitive game like koth, because other players will find it and use it to get root. The idea is to patch the ways that elevate privileges in order to keep the king
you can add password authentication to the above C program to make you root only if you know the password. Then you can make it suid, or use setcap, or just run it with euid=0 to make you root
I have asked ChatGPT to help me add a hardcoded strong password using openssl library and even if someone finds the hardcoded hash with reverse engineering, it will take ages to crack the password
anyone wanna play koth? hmu B) 🤙
Hi guys I want to just double check the rules, am I allowed to change the machine's passwords?
I read the rules but couldnt find anything
Sure, that's just patching👍
ok cool
@light flame another question, can I do writeups for koth ?
without giving flags away ofcourse
It is allowed, as you can read under 'Streaming and Writeups'.
But personally I wouldn't do it, to keep the game 'fair'.
Because as far as I know the machine pool isn't changing
But it's your own choice, and it doesn't matter very much because there are already writeups out on the internet.
There are already githubs out there with KoTH "tips".
Anyone care to share a tip on where to search for the 6th flag on Medium machine ?
Or 8th flag for panda ??
or 8th for shrek 😆
This is a curious fact, there is no 6th flag for this machine in KoTH... you have to play H1-Medium other than in Koth to get the 6th flag, I don't know if this is a bug or if they simply didn't add the 6th same flag
I didn't know that. Thanks @steep agate
Gave +1 Rep to @steep agate (current: #129 - 52)
I don't know if there is still H1-Medium in THM or elsewhere, but the 6th flag is not in koth's H1-Medium... you can try to look for it, play and get the 6th flag
what ur nickname?
?? For KOTH? Trapnatized
okay
Why wassup
I thought you were at our match so I asked.
Oh ok. I can be 😎 you playing now?
I just left, maybe later. 
Yo, can someone help me with Panda, found this with dirbuster but when I try and put a password etc it changes the url to panda.thm < which isn't found etc
kinda aids ngl, samba was locked for RCE like 1 min into the game and nobody had king then
I also did add the ip in my /etc/hosts and did put panda.thm
this ip bugging
can you show the entire /etc/hosts file
it worked for me. You need to login via this url http://panda.thm/wordpress/wp-login.php after you put panda.thm in /etc/hosts (not via IP url)
Haha yeah man you were busy beaming me in game
Naah. I was busy searching for flags
I didn't even patch anything on this machine. Only changed passwords and ssh keys. The web backdoor was open, the password for po in wordpress was unchanged... what do you mean with beaming you ?
In fortune
Got root in 1 min
Deadass thought you were cheating but after checking your games gotta admit you're pretty good
Played against you a couple times but this time my box was aids and didn't wanna recognize panda
There isn't much to do, there are few pools of machines, so if you played a machine before, and in the next game that same machine falls to you, you already know how to root/shell it.
true but still
You can try playing in private games to find out how each machine works, since in public games most people already know the path to shell/root 🤷♂️
definitely gonna try that
thx for the advice!
Do you know if there are any other platforms with Koth, after I learn all the machines i'm probably gonna become bored
i have a koth repo with tricks for defending king, patching the machine, etc.. if you want to look: https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks
There are htb battlegrounds, but you only get two attempts per month (if you are not a premium user), and there is htb practice battles mode too which has some machine pools and over time (I don't know if it is a matter of months) they change with new machines
and there you can also play 2v2 and 4v4, in teams
that's pretty cool
Nice
THM should definitely add 2v2, would like to be in a team with horatiu
I'm afraid this may take some time to happen (or it definitely won't happen, idk, if it were up to the players this and other things would be implemented in koth in time) 😅
Unfortunately, things don't work like that, just because you want it to be that way doesn't mean it has to be that way, it can take time to implement. Anyway, something like that doesn't depend on the player, but we can make suggestions, ideas for improvements, etc. Myself and several other players have already made countless suggestions for improvements and even offered free help
setup a webserver with chat on the machine...
yh yh ig you, just saying it would be nice
yeah, it would actually be cool
just use wall command or redirect a msg in any TTY
but implementing a chat system, similar to battlegrounds for the 10 players in the match would be interesting too
I know, just got the idea of a solid chat system
Not that difficult either
The Socket.io library is very well written, I've created multiple chat systems with it
Technically easy, yes. Harder to moderate though, which potentially opens you up to legal issues.
Last I heard the devs also have their own... difficulties... to contend with dealing with the existing functionality as well.
I'd say chances of this -- or any other KoTH upgrades for that matter -- happening are unfortunately slim.
Yeh I figured
Which unfortunately is bad, since KoTH is a very famous game mode (I don't understand why leaving Koth aside), surely if there was a new update, a lot of people would go back to playing
That's not where the money is though 🤷♂️
IMO.
It's the usual suspects who play KoTH.
HTB Battlegrounds has a system where non-VIP players can only play twice a month on new machines, while non-VIP and VIP players can play practice battles at will, which already has a large pool of machines.
Just think and come up with cool ideas, so that the community benefits from the new experience and learning and THM profits from the VIP so that players can play on new machines, it's not difficult to think of a solution, if money is a barrier 🤷♂️🤷♂️
Anyway, this is my opinion 
Yeah, but the profits you get from individuals signing up are very unlikely to be on the same scale as you'd get from businesses or institutions signing up for business plans, and KoTH ain't a lot of use to your typical business wanting to upskill their workforce on cyber security
Or, rather, it's much more niche than walkthrough content with the odd accompanying challenge. It's obviously useful for individuals to get a really strong understanding of system hardening and attacking a hardened system, but that takes a long time and isn't exactly the traditional way of learning in a corp
I disagree with the point that KoTH does not teach anything useful, it was thanks to this that I was able to develop research involving rootkits. KoTH also has other cool things too, you learn how to patch machines, read webapp source code, and several other things, especially for someone who has no knowledge in these areas.
Gave +1 Rep to @terse willow (current: #9 - 764)
This would teach a lot of people, even those who work, to know how to defend machines against persistence/malware and fix machine vulnerabilities
I understand, this is just my opinion
I agree with you -- see the second message there.
The point is that it appears to be less useful if you're a business. If you're wanting to train your workforce, you look for courses, tutorial content, etc. Using a game takes a lot longer and is far less reliable. Sure, you can get very good by playing it, but that's not what a business sees -- not least because would you, as the person high-enough up in an org to be responsible for training folk, want your employees to spend a completely open-ended length of time playing a game during work hours?
Yes, you're right, but why not think about the THM community that plays KoTH? Anyway, I've seen that there's really no way to "resurrect" koth lol
But this part of the more "business" look is understandable.
Put it this way. I remember when KoTH was proposed. I remember how excited about it Skidy was when he thought it up. We had a big group conversation about it -- it's probably still in #general from a few years ago, if you want to go and dig it out.
Point is that KoTH was developed as a passion project. It was built for a vibrant community, and it was tested extensively by that community before it released. It was built for the community in a time where the community and the company were tightly tied together.
Bear in mind that this is an opinion based purely on what I see, but I've not seen that community, or that vibrancy, for a long time now. Things aren't done for the community these days -- they're done for profit. And hey, that's how a business works 🤷♂️
It's not unexpected to see that as a company grows. Can't fault that prioritisation, in the end.
What it means though, is that the passion projects designed and built for the community play second fiddle to the projects which actually bring in money. I may be completely wrong -- who knows? I hope I am.
Maybe you'll see some big updates to KoTH at some point in the future. But I doubt it.
Looking at that vision, and also looking more at the business, I think you're right, it's understandable, but I hope that someday in the future there will be an update, and I can go back and play like other people again
allow me to disagree with the claim that a company wouldn't pay for you to play a competitive multiplayer attack and defense game during work hours. This depends on the company, the development paths available, the structure of the SOC you are part of and the management's interest in employee well-being. If you have results, measurable results, you can justify koth as a training that brings more value in real world cyber-security than a guided walkthrough or a course. I cannot imagine a better way to learn this in a legal manner, with hackers worldwide meeting in-game, fighting against each other and learning from each other. This is why I see koth as a gold-mine that is not yet explored properly
Potentially, but unlike with structured content (e.g., a learning path), there's no defined end to the training, and no concrete results from it.
With a learning path you have a set number of rooms (and even an estimation of completion time). At the end you get a certificate of completion. It's clean. You have a start, a middle, and an end.
That's what management want.
With KoTH you don't get measurable results. You get qualitative experience, but two people could play KoTH for the same length of time and come away with completely different outcomes. Heck, some people may come away with absolutely nothing at all.
That's not what management want.
I can see it being a nice little bonus, but it's never going to be a big selling point (except maybe in very niche scenarios).
Good discussion here. Just wanted to mention that we do read these discussions. 🙂
Great. Thank you for mentioning it. Any thoughts about a possible future upgrade or improvement on Koth machines/game?
Gave +1 Rep to @sonic belfry (current: #16 - 450)
Not at the moment particular to KotH. It is interesting you mentioned koth as enterprise training. 🙂
"Point is that KoTH was developed as a passion project. It was built for a vibrant community, and it was tested extensively by that community before it released. It was built for the community in a time where the community and the company were tightly tied together." imo I think this should still be an option for the community, to be able to build and test new machines, new features, etc and be able to submit them for a final review and release, that way the koth community can keep this "passion project" alive and thriving. I can see koth being added into certain learning modules (red team, blue team, web, etc): complete the module, get your certificate of completion, now try what you've learned in a more realistic environment. Try to protect your company's secrets (king.txt), find the vuln, patch etc. Could even create some dedicated rooms like redisl33t to "practice" along with more advanced tricks and techniques.
Maybe only subscribers / enterprise get access to new machines, while free gets the older machines, after a set amount of time maybe 1 machine gets "retired" and bumped down to subscribers / free ..
Right now with the current limitations it is a bit unfair for those starting to play, being smashed by anyone that knows the machine. Only a few machines have startup scripts that randomize credentials or service ports. The others are the same old instances. This is the main concern for upgrade/improvement... If interesting changes are implemented, I don't see why this wouldn't become a good selling point. Imagine private company-wide competitions with no 10 player limit and cool badges to earn 🙂
That's what the competition does afaik
No the pool of machines are the same regardless of subscriptions the only difference is being able to choose the machine in practice mode.. but could implement something like business vs business (team vs team) , maybe some more windows machines, or networks of machines to attack and defend against.. (similar to battlegrounds)
By competition I meant a competitor. Also 3 letters.
Yea I mean why not compete with the competition... Can implement it in a little different way but something similar... I think koth has the potential to outdo the competition honestly.
@muted gyro why play dirty?
breaking services, moving binaries, and on top of all removed koth binary
Before I stopped playing Koth, I had gotten the binary it ran on the machine to do reversing haha
I saw @steep agate script
"mount --bind -o ro /root/king.txt /root/king.txt 2>/dev/null"
i think just using this is almost hard to recover.
how about changing the mount point to /tmp or another dir?
Reversing it would stay the same, just umount /root/king.txt or umount /root.
My script? I don't use that haha, just my LKM
Sometimes when you do this, it appears as if you are in "busy", so you have to use umount -l /root/king.txt
Thanks for pointing it out, I've seen it before but never understood why.
Gave +1 Rep to @steep agate (current: #125 - 54)
I am still struggling to write that LKM, please send me a reference to learn from if you don't mind 😅😅
What u mean by that?
I didn’t do koth for a while now, so I never heard of it
the xcell blog is really cool https://xcellerator.github.io/tags/rootkit/
He left the binary he uses for king/persistence on the machine, so I downloaded it and reversed it to find out what it was about
But that's the thing, you'll learn basic things for a rootkit then, in my case, the one I use isn't there, I had to create one from scratch specifically for Koth, hooking syscalls @trail iris
Okay thank you bro ... i found something there to improve mine
Gave +1 Rep to @steep agate (current: #120 - 55)
one example of what players with lack of fair-play can do when they don't know how to defend king... sends urandom on others terminals, stops services, shuts down the machine 3 times in the same game, breaking rules. Congrats @unagisan great game.
the tragic truth
The first time i am on koth i patch the vuln. Is that breaking the rule?
No. Patching the way you get in is not breaking the rules. Every machine has 4-5 ways to get in. Maybe patching them all and making the machine unreachable, is a bit unfair for other players
The foolish thing I did was, when patching the vuln, killing all ttys including mine 😅😅😅 that's the big mistake I made without putting any persistence in place
It happens. Sometimes you patch one thing and others are patching the rest. Sometimes you kill all tty terminals, and the next time somebody else kills all the shells even without tty. Wouldn't be nice if users stay all connected and fight for king without killing shells ?
Agree, 👍
One just started, it's me and one other person if you're interested still. i've never done KOTH before
Wild
i was sleepin
Anyone wanna play KOTH.?
hai :3
hello
hi
are you down?
going to try my first koth. I suspect this is going to go badly!
You never know! 💪
Have you given the KoTH training rooms on THM a go?
Oh, there are training rooms for this? That's probably a good idea 😮
Reality is the real training, it seems!
Thanks, I'll try those after this.
Is it even possible to get root through port 8888 on the hard machine?
I always get 500 error when I try something with the api
I don't want to know how, just if anyone ever succeeded with that.
is THM KOTH fun?
depends on whom you are playing against tbh
But sure give it a try
Mostly, it's especially fun with friends and terrible with people using autopatching scripts
It's good when you play with friends, or "worthy" opponents who don't play dirty, as there are many players who enter the machine, put their name in king and remove all the binaries, or else block your access/patching and most of the time these players don't even know what they are doing, they just ruin the fun of playing koth
But you also learn a lot by playing with people who don't play dirty and ruin the machine.
@light flame GG
You too
koth?
i mean if anyones up to play koth
I'm up, fair playing only.
dm'ed you
can you screenshare the game, spectating only lets you see the points chart
yeah i would love to see it
but, its a risk
people are wary of leaking something accidentally
u cant play it on the sites attack box?
@austere isle wanna do a private game, i just wanna see what its like?
im on a game
dmed you
@low charm its about to start!
ima fix my mic
@steep agate could you check your dms?
Lets play after 3 hours
I can't then
anyone wanna go for a koth?
is there a way to spectate koth to learn more of how it is done?
The only 'spectating' option is just viewing a game like this: https://tryhackme.com/games/koth/101691, but that only lets you view the points and who's king.
Or have someone share their screen.
What do I do when I try to connect to ssh but it immediately kicks me out (which was not happening before): "Connection to 10.10.102.134 closed by remote host." Also, when I could ssh before, I was getting really weird characters on my screen like "??!@*UIDJ" while I wasn't typing in my terminal or anything.
i still managed to win the koth somehow 
Probably someone messed around with the SSH service and changed either its config or just the binary in general. AFAIK it's considered rule breaking.
except when the port was changed, AFAIK that's allowed
Yeah, you can change ports, but doesn't the rest count as breaking rule nr. 2?
Yeah, that's mostly the case. I've seen someone change service ports, but it almost never happens.
Ahh, maybe that could be the reason. Not sure why the other guy didn't log in & win the koth, but I'll take the win ig.
Arnout, shall we do a 1v1 koth sometime?
you're dutch? (Sorry other languages aren't allowed in this server)
yeah! i saw your profile in the dutch leaderboards (koth)
whoever is muntarockz, stop resetting machine when it's not needed
koth anyone?
#lkm #kernel #rootkit #linux
Is this tool open source?
The project is currently private, but I will leave it open source later
Interesting! May i message you privately
Anyone down for a private KOTH .?
That's fine mate, I am new too
aight lets go
That one is over 😅
Hey, so I'm wondering how you get into a machine with ssh, ftp or a backdoor website login. I was in a KoTH match and none of us managed to get into it.
That's the whole kit and caboodle right there lol. I am a bit of a noob and maybe shouldn't be answering, but I feel confident in saying:
It depends
A common flow is sort of:
- Do recon
I see you've already identified ssh, ftp and a website running as services. You'll also want to find their versions and look for easy, low-hanging fruit in vulnerable versions.
You'll also want to look for anything that could be a username
You need two things to login with both ssh or ftp, that is, a username and password
Now, you can guess both but it might take you a long long time
if you already have a valid username or a valid password you can cut the time it'll take you to guess a valid set of credentials down
Make a userlist then hit any service that requires a login and password with a brute force
FTP servers can also be configured for guest login without a password, and in CTFs they tend to have useful files for further exploitation.
Which room in KOTH you are talking about.?
Anyone down for a KOTH rn..??
check DM
Didn't receive any
Hey, are you talking about the Hackers machine? If so, you need to brute force your way into the machine via the ftp server or the /backdoor login; other than that you can't get a foothold. And if someone was able to get a foothold without brute forcing, mind sharing?
Also if you find a place you can upload files, this may be a good place to try uploading a web-shell
If you see a spot that will take user input, or especially evaluate something - try putting random stuff in
special characters, html tags etc
See if you can get it to break or error out
might give you a clue
You can sometimes parlay FTP access into a shell
But yeah, I would highly recommend going through some of the THM courses and rooms, and just doing CTFs (not koth) to get sort of a broader understanding of how to do these things.
Do enough and you'll start to see patterns
@steep agate Better don't dm me like that next time mate without having any proper proofs, you are no one to talk to me like that and I am not scared of you mate.
? Just wanted to ask if you really killed the machine lol, maybe it was the other player
because you were the only one on the machine, ending with the IP address 244
hy guyz
creeman was also here and maybe when you saw, I kicked the other guy that time.
Hlw
are you playing king of the hills rn?
yeah i managed to get into it via ftp with hydra
It was a Match
I mean which machine was there in the match for example lion, Hogwart, etc
i think it was Hackers but im not sure
there's no greater feeling of defeat like seeing matheuz in the lobby of a koth 😂
After you play enough games you'll be happy to see a challenge. And start looking for those games 😜
Yes xd
Hahaha, I only played 2 games to distract myself
I am pretty interested in koth but I think mostly too new to really compete
or F11Snipe
If I see him, the game is already over😂
Yeah me too, i dont even have beginner path completed
Like I can get a foothold on some of the machines, but not nearly as fast as I have seen others, and priv esc takes me a long time
let alone defending the hill from other attackers lol
Some day though
Man if only I didnt start so late
I didnt know about any of this stuff when I was a kid
The key is to make a note of each and every step you take on a machine and save it in a file for next time.
That way you can get fast root access. All does the same.
Oh for the next time you mean
if the KOTH machine on one run is the same as one ive done before?
I can do the next one much faster if its the same machine
Ah, good tip
Yeah the process is always same, just the ports can change and pass.
Anyone got idea about Carnage koth.?
Can't change the king.txt file's permissions.
It's append only. You can find this via lsattr.
To change this, you'll have to upload your own chattr binary.
echo "username" >> /root/king.txt
Did
Oh ok, Tysm
In carnage you need to use the double >> to be able to write into it, that is, if someone hasn't used chattr kek
https://tryhackme.com/games/koth/join/0112c6c80830771b608b7cf7 I accidentally joined a koth game, does someone want to play too??
suggestion to fortunate room : add steganography with flag to videogames.jpg file
@sharp siren thx for game and giving me a king. This room was kinda fun
Gave +1 Rep to @sharp siren (current: #431 - 11)
hheeehhhe np
next time you won't get it for free lmao
I believe this will never happen lol
Somebody used this on the box?
yes
Send the screenshot to support@tryhackme.com
Thanks for informing, but since report never works, I decided to share to community to alert other players
Ok, but I'm going to have to delete the screenshot as it's got a harmful command in it. 🙂
lol
why i have again king i didnt even add my username
Is it a legal move to edit pages or delete them?
i dont think so, but im not sure
may need to use gobuster again to find it
I logged in to the /backdoor directory with good credentials and it redirected to /backdoor/shell
here come to next game https://tryhackme.com/games/koth/join/eae18c2c795ccc8989dc2bb6
okay
This is kinda nonsense, someone probably added me to king.txt
but thank you
GLHF
isnt that the machine "Hacker"?
it is
wdym?
lol thats not gonna help you...🤣
what does it do?
😭
this proves that these players who ruin koth machines know absolutely nothing lol
check ps aufwx
and then
lsof -i -P -n
after do this, execute the command w
and then pls give me output @fair adder
lol
i dont even know whats going on there tbh
are u using the attackbox or ur own pc to play koth?
you know if trev is awake man?
GG
🤷♂️
another game?
lmao someone used my shell file
maybe in a little bit, bout to take off
virtual box for me
attackbox it's also good
you gave me an idea
I'm gonna play with the attackbox
skill issue sob~1
@wintry isle Imagine losing can't be me Kappa
Who is in my Match rn stop messaging me🥲
He just keeps spamming so I can't do anything
Can anyone sometime show me some things, cause I'm really bad
nah i canceled subscription
suggest about subscription: Student plan should cost less for example same price as hackthebox student plan (8 dollars per month)
Yea if you're interested in some tips and tricks dm
@alpine quarry stop modifying system binaries
do something new
At least know how to hide from command logs lol, so that others can't complain
that modifies it so only root can use it right?
no, it removes the x bit, so no users can execute it
Ohh okay, so ig he got root with it and then wanted no one else to use it after
yes, players will have to give back the x permission
But is that even allowed? cause it is like shutting down a service isnt it?
any modification to system binaries except chattr is not allowed, it's in the rules
Chill, he is known for playing like this. You're lucky he didn't block you with IPtables rules or he didn't kill sshd
dam
He always did this, take permissions away or remove wget/curl from the machine lol
As far as I remember he even showed on his yt how
It’s crazy to be known as a rule breaker and still not banned
AFAIK, one user is aware, but they're not reporting them.
I’m pretty sure some of them already reported him
I decided to tag him and paste proof every time until I get tired XD
hows that mission?
didnt play much
New KoTH Machine, lfg 🚀
Woohoo!
wohoooooooo
🔥
bro, the new machine is very good, congratulations to the creators
GG
gg
kudos to the creator of this, nice box indeed.
I wasted 30 minutes on something that was rabbit hole hahaha, nice machine
Nice to see some love for koth ❤️
This machine changes a little bit every time you play 👽
oh yea
This is the best typo ever: rabbit + habit 😎
oh damn, I just noticed, sorry my native language is not English 🤣
mind if i dm you?
No worries, neither is mine. 😄
I think it should be part of CTF jargon: habbit hole.
You can trademark it and make millions.™️
Let's Go... TY ❤️
397 streak 💀
Idk how that's possible...
Like do u go out? See ur friends?
This guy didn't see a human being in 397 days
You do realise you can cheat the streak, right.
Besides
It's answer one question, not sit there for hours
i have seen someone on linkedin with a 1k streak so
But u have to be connected every day, that's the thing. Idk I can't be on thm everyday...
I guess I just don't understand 🤷♂️
sup
guys
anyone would like to play ?
Anyone up for a quick round?
https://tryhackme.com/games/koth/join/58d2bc63093d4c202f02034e
yeah no dice lmao
oke
gg
@civic vortex Please don't use that word to describe something negative again.
ok
Hence bug.sh. I very rarely use it as something to hide behind the koth binary, but its easiest indicator is its PID (i.e. a 4-digit PID, while the real koth binary uses a 3-digit PID)
and something to replace bashrc with 😆
```bash
# COLORS! :)
red='\033[0;31m'
cyan='\033[0;36m'
blue='\033[0;34m'
green='\033[0;32m'
yellow='\033[0;33m'
nocolor='\033[0m'

# Track initial login
FIRST_PROMPT=1

# Directories
tmp_dir=/var/tmp/.troll
art_dir=$tmp_dir/art

# Print an ASCII-art file from $art_dir, or a fallback message if it is missing
function art() {
    msg=${2:-"Something clever..."}
    if [ -e "$art_dir/$1" ]; then
        cat "$art_dir/$1"
    else
        echo "$msg"
    fi
}

# Shown after a command exits non-zero: art plus a 5 second countdown
function nope() {
    art nope.txt NOOOOPE
    echo -e "${cyan}Take a breath and think about that for 5s"
    i=5; while ((i > 0)); do echo $i; sleep 1; ((i--)); done
    echo -e "${nocolor}"
}

# Run the animation binary dropped in $tmp_dir/n, if it is there
function nyan() {
    frames=${1:-30}
    if [ -x "$tmp_dir/n" ]; then
        "$tmp_dir/n" -f "$frames"
    else
        echo -e "${yellow}Nyan friend not found :(${nocolor}"
    fi
}

# Roll a number in [0, range); at or above $chance, play the animation
function rand-nyan() {
    chance=${1:-75}
    range=${2:-100}
    frames=${3:-30}   # as posted this read ${1:-30}, reusing the chance argument
    rand=$(($RANDOM % $range))
    arr=('|' '/' '-' '\')
    # Spinner: redraw the same line with \r for 20 ticks
    for c in $(seq 1 5); do
        for elt in "${arr[@]}"; do
            echo -ne "\r\033[<1>A🎲 Rolling $elt" && sleep 0.1;
        done
    done
    echo -ne "\r"
    echo -e "${blue}You rolled: $rand 🎲${nocolor}"
    if ((rand >= chance)); then
        echo -e "${green}WINNER!${nocolor}"
        sleep 2
        nyan "$frames"
    else
        echo -e "${yellow}Better luck next time${nocolor}"
        echo
    fi
}

# Occasionally print a message after a successful command
function rand-msg() {
    chance=${1:-35}
    range=${2:-100}
    rand=$(($RANDOM % $range))
    # TODO: Pick from list of random messages
    msg="${yellow}Hmmm ... interesting 🤔"
    if ((rand <= chance)); then
        echo
        echo -e "$msg"
        echo -e "${nocolor}"
    fi
}

# DEBUG trap handler: runs once before the first command typed at each prompt
function pre-prompt() {
    if [ -z "$AT_PROMPT" ]; then
        return
    fi
    unset AT_PROMPT
    rand-nyan
}

# PROMPT_COMMAND handler: builds PS1 based on the last exit status
function lol-prompt() {
    local EXIT="$?"   # must be read first, before anything else runs
    PS1=""
    AT_PROMPT=1
    # Colors!
    local RCol='\[\e[0m\]'
    local Red='\[\e[0;31m\]'
    local Gre='\[\e[0;32m\]'
    local BYel='\[\e[1;33m\]'
    local BBlu='\[\e[1;34m\]'
    local Pur='\[\e[0;35m\]'
    if [ -n "$FIRST_PROMPT" ]; then
        unset FIRST_PROMPT
    else
        if [ "$EXIT" != 0 ]; then
            nope
            PS1+="${Red}Nope, try again! 😜${RCol}\n"
        else
            rand-msg
        fi
    fi
    PS1+="${Gre}ŦʀøĹĹ${RCol}👺${BBlu}ϞҺ311 ${Pur}\W${BYel}$ ${RCol}"
}

# Attach pre-prompt function to "before cmd"
trap "pre-prompt" DEBUG
# Attach lol-prompt function as "after cmd"
PROMPT_COMMAND="lol-prompt"
```
so, "di*******ing" ikr
i see
😄
Nah, you used that on me because you can't get king by obeying the game rules
Game starts in 3 min and no one except me
@north wolf Kindly consider this a gentle warning, using that script is against the rules, if caught in a match or reported, you will be warned and/or banned from the platform and/or discord.
Tampering with koth service / binary is a clear violation of rules.
cc: @short tusk (just so this is noted for, will also add in #koth-staff)
yeah 😂
did it to me yesterday
join this new game
anyone
nah it's full of autopwn and dirty players, I would rather play hbg
no one joined im alone
Ahhh this troll shell looks familiar 🤣
You do know koth binary is not always in the /root directory.... Hahahahah and koth binary should never be "down" .... Even when modifying koth binary it won't be enough to stop the good players 😜..
Yup, bug.sh was something lying in my tarball for a long time now, deleting it right away. That koth script was written when some bugger was constantly taking port 9999 down, and I came up with that thing. Also, obviously, if the player's good, no cheating will help.
*stolen 😝
idk tbh, sources for most of the things I know are from F11snipe, Matheuz, Trapnatized, Aquinas, and most of the people you all guys know already
and even if I did something myself, that was something with the help of matheuz's guidance, and reference to GitHub repos from Aquinas
? In my repository there is nothing written about a technique to modify the koth binary or bug the service (btw I didn't even know that was possible)
Own up to your mistakes, throwing your mistakes at other people is shameful
Not throwing my mistakes at anyone, just saying that what I know is stuff learned from the people mentioned there. What I did to the koth binary was shameful, but I had to while in a game with some guy (I can check and update on who it was if you wish to know). And regarding the mistakes I'd made: they will not repeat.
I had the same idea long time ago tested it in a private game knew it is against rules.
But still tricky way to confuse your enemy lmao
Well, if the PID has 4 digits it's most probably not the real koth binary, since the one running from the start of the game usually gets a 3-digit PID
🤔
It can be, but there are still ways to play with the PID
- I’ve seen profxade putting down the koth service and making a custom service on port 9999 with netcat. just disappointed to see a really good game mode being destroyed
https://tryhackme.com/games/koth/join/5768ea21c9e6d762ad41746f
I'm the only one in the game (I tried refreshing the page). I haven't patched anything if anyone wants to get in
still 40 min left
I've stated what I had to say here. And regarding the 3/4 digit PID thingy, I'm not gonna use it in an actual game, and I think intercepting the write syscall would make those shameful things not work, but I'm not 100% sure intercepting the syscall would actually work. Sharing it here, while not expecting anyone to use it in a game though.
/* REMOVED CUZ YOU'RE NOT WORTHY. */
stop drawing attention away from the fact that you break rules
ofc good players won't be defeated by the mod of koth binary, but it's annoying and dirty
new players won't like to be treated by that as well
Everybody knows what happened, and what my response was; if not, it's right up there, all you need to do is "scroll". I did it and promised to never do it again, along with a gentle warning from Mr. Holmes: "will be warned and/or banned from the platform and/or discord." And drawing away attention? Bruh, it is called a "reply" to "self" with a PoC that the 3/4 digits thingy doesn't work as I'd expected it to.
If you cannot cope with what's going on in the present and you're stuck in the past, not my problem.
I wonder how on earth you expect "fair" players in real life. The first time, I did a dirty play as a response to a dirty play. Later, it was my bad that I used it without necessity, due to laziness. But that doesn't mean you stop trying.
just stop, you did that to me and I didn't do dirty stuff
if you stop, i will not blame
You could have simply collected evidence of "cheating", reported it with pieces of evidence then, removed the process. or maybe modified the shell script's username part section with $(cat /root/king.txt) 🤷♂️
you didn't do it, all you did was blame with a screenshot of something that wasn't even used. 😐
now, I really don't wanna get to what actually happened
but if possible then, does the code within message (I'm replying to) can be defeated via LKM? why I wanna know it? "just curious"
hahaha
im speechless
it is what it is, since there's no point in lying 🤷♂️
lol
There aren't many people on koth who use LKM, I think it's just me and F11snipe, but f11 is missing and never appears on discord or koth again, he must be busy, and I am too haha, sometimes while I play koth but only 4fun
It's really very OP to use LKM if you know how to code in C and have a more advanced understanding lol
Is there any reason my tryhackme openVPN is working but my hackthebox openVPN exits with a fatal error even after redownloading the ovpn file?
Agree. Going from standard C coding to kernel programming needs a more advanced understanding ... and a lot of testing... for each of the 14 linux koth machines with 12 different kernel versions. Thanks for playing again @steep agate 🙂 you bring the next level of playing koth.
Gave +1 Rep to @steep agate (current: #115 - 60)
😄
this is not the right chat for that
maybe #site-support
It was thanks to this that I was able to delve deeper into the kernel and even developed some tools and means to detect and remove rootkits
Gave +1 Rep to @young bramble (current: #1417 - 2)
LKM rootkits indeed operate at the kernel level (ring 0), which grants them the highest level of privileges on a system. This allows them to intercept and manipulate system calls (syscalls) and other kernel operations.
If there is code embedded within a message (such as a malicious payload or exploit), LKM rootkits theoretically could intercept or manipulate the syscalls related to message handling.
For instance, if your message involves syscalls like read, write, send,(I couldn't see it since it is deleted) the rootkit could potentially intercept these calls and modify the behavior to protect the king.txt
It is OP, but even rootkits can be beaten without the need for another rootkit... Just takes some enumeration of the rootkit itself to find flaws or loopholes... Anything can be beaten, it just takes the time and effort to understand what's going on..
Thanks, I'd forgotten kernel rootkits execute at ring 0. It answers the question. (if the code was still there)
Gave +1 Rep to @sharp siren (current: #379 - 13)
If I'm being honest I enjoy playing games with opponents better than me cuz it forces me to get better, at the same time I enjoy playing with players that play dirty also, cuz this also helps me get better and plan for edge cases... Like rm -rf / ... Because of this I have stuff in place .... Even modified koth binaries... Ez ... Kinda makes it more fun 😜 cuz now I get to bend the rules when playing against them hahahahahahah.... 🤷🏼♂️ Guess it's just how you look at it ..
*reason for the code to get removed*
~ Also, note to Mr. FairPlayer__cryIfyouLoose. Crying doesn't work always, learn to tackle situations without making it a cry-cry experience for yourself. Will see next time, if you're actually good at koth or just crying.
I don't know who wrote this but I can say that the only ones who use LKM in Koth are me and f11snipe, sometimes horatiu and terraminator, but without being LKM there are people who use userland rootkits, but it's not LKM
yep, absolutely it's super fun when something unexpected happens!
Btw, if you are interested in LKM rootkits, here are some good resources I found useful
https://xcellerator.github.io/tags/rootkit/
Linux LKM Rootkit Tutorial | Linux Kernel Module Rootkit | Part 1 - Hooking sys call table, linux rootkit LKMS linux kernel modules device driver lkm rootkit. :)
PART-2: https://www.youtube.com/watch?v=jw9kuN1lhiw
I have an lkm but I rarely use it, it's not as advanced as f11's or matheuz but 🤷🏼♂️... It's like the last option for me, if I can't beat you manually then I may load in the rootkit but so far I've managed to get around most rootkits... Going up against their rootkits for so long exposed me to where the loop holes may be at...
Ayy on another note, I spoke with f11 earlier and he may get the streams back going starting this weekend... Maybe we can get some games going, get enough ppl together and do another tournament or something 🤷🏼♂️... Still haven't been able to try the new machine yet ....
Oh nice, it would be cool to stream again, I tested the new machine and it's really good
Would be cool to get the new machine on stream... Maybe a private match with all of us on the new machine 🤷🏼♂️... I'm curious on how many different vulns get introduced by "fireworks", could it even be patched?
Saw in announcements a new vuln gets introduced with every "boom 💥" so could do a stream on one way in and next game will be completely different... So it wouldn't technically ruin the fun ..
There are several vulnerabilities, for example, if you play in a box, the path to another box that you play in fireworks will be different.
hey if you want to try the new machine I can set up one if you'd like
may I join?
I wont be playing but sure Dm me
Yea I'll try it out I'm bout to spin up VM now
really… you won’t do it again? hahaha go do the math…
Math? bruh next time it won't be a warning, it'd be a bold decision to either ban me from koth or something similar. What math are you talking about? Do you mean the number of times I can fool around unless I get banned from playing koth?
i mean the numbers of time you got caught cheating lol
not my work
you cant because it reads Ch1
if I use a while loop the machine will crash eventually
look exactly the new minute
now
wait what
you're right
I'm doing nothing now
you did something
I didn't cheat, really
Chill guys😂
Hey @timber vale please report rule breakers to support@tryhackme.com or open a ticket by the chat bubble in the bottom right corner of the website
ok
He did something to the koth binary maybe. I found out about lsattr when I tried it with king.txt to see if my chattr worked 😭
That means one of two things: either the koth binary is being messed with, or the simultaneous loops are causing weird behavior lmao
can you send me the koth binary in dms?
no loops i ran ps aux many times to check if the koth binary is there
the machine ended while ago i exited
im playing new machine
Lol one machine is like that from start... I forget which one tho
i think the machine we where playing is tyler
He could also have a time based loop that only puts his name in the king.txt say the last 5 seconds of the minute until first 5 seconds of next minute and return king to you for the remainder 50 seconds.... He will still get the points
i checked ps aux many times
I've encountered this before and there was a way to beat it... But I believe this is a f11 challenge so I won't expose how to beat it but it's pretty simple...
No, if I did nothing I still got king somehow. The only explanation I have is that something else was messing around, no idea why though
good explanation 🤣🤣 just admit
btw @timber vale , did you send me /dev/urandom?
yes
that is not against rules
players can even kick you if they don't use scripts
Okay, and did you download a file called 'key.pub' from my ip?
sure, just verifying who did what
no i don't even know your ip
strange
i focus on the king i didn't even patch stuff
it must be someone that knows that I have that file because I didnt use it in this game
Are you hosting this in a python http.server???
yes
If so I'd make a dedicated transfer folder with only files u want/need to be transferred to the machine so you don't expose unnecessary files...
And start your python server from that folder only
I use a transfer folder, it was a public ssh key
It has happened before, but then I saw things like downloading the index '/'; this time it was directly that file
Hahaha, well if he did and placed it in his authorized keys folder, looks like you can ssh in hahaha, although it's against the rules and you'd probably get in trouble, so I wouldn't recommend it...
choose a random port not 80 or common
Doesn't matter, if someone sees it in his pspy they will know immediately
if they know my ip they will be smart enough to figure that out
anyway, Im just investigating what actually happened
I would also stop your python server after transferring your files to stop ppl from enumerating your server .... Although this is against the rules also, I've had this done to me before and they scraped all files inside my transfer folder to figure out how I was taking king 🤣🤣🤣🤣.... Thought about including a zip bomb or something of that nature in my own transfer folder and then 🤷🏼♂️ if they hit it hahahaha
That's what I'm doing now. That 'previous time' I saw in my pspy that they almost downloaded my scripts, but I had stopped my webserver already😂
Didn't find much though, only that downloaded file, and I couldn't access the server at the end of the match (iptables?), so I guess I will be suspected of cheating for the coming months. Can't blame anyone for that though, so I will just move on.
Ahhh I wouldnt let it bother you too much... Just a game... Me personally I'd ask for rematch lol 😂 and then both of you would be monitoring everything so should be fair 🤣🤣🤣
me looking at all the dumped packets hours after the match
tcpdump would leak tons of passwords though, only a lot of work to set up efficiently
since most reverse shells are not encrypted
@timber vale where did you go?
just wondered why you aren't doing anything in the match im in
you got access
I definitely noticed that you were on the machine😂
If you want you can get the win on this game, that would be fair on the leaderboard
But submit some flags then, otherwise you can't get more points than me
Nah, I'm going to take some time out and do other things, I've been staring at my screen for 5 hours straight since I got home from school
Bro matheuz is out of pocket 🙏
on some machines in koth this is normal, chattr too
I just found out like 100 "hidden" rooms in this server. I am such a n00b when it comes to discord.
Hi guys.
I only knew it was for chattr but didnt know it was also for lsattr tho
Don't worry, I am reaching 0x9 soon...
Gg @wintry isle
GG bro
sorry i was little bit late XD
Yeah my Attackbox crashed as soon as u got in🥲
hard box dont have koth service by default do i need to make one?
🤔🤔
im king and i cant find the koth binary but it doesn't show me king in the website
is this a bug i had the same thing hours before with the hard box🥲

this is docker bro
lol
Ch1_was_here_in_docker.txt 🤣
🤣🤣🤣🤣
👽👽
Has someone ever found all 8 flags in the shrek machine? I only find 6...
Same here
@south pulsar GG you are so fast 🥲
Thanks dude , 😸
Gave +1 Rep to @tardy imp (current: #2141 - 1)
The primary reason being that they are not in a standard format; some of them are base64 encoded too, which makes them hard to find with regex
ohh okeyyy, i always looked with the find command ig
@steep agate you know what happened to the machine?
I don't know, I'm not on the machine 🤷♂️
okay
suddenly I can't access the machine anymore, so I was wondering if you had info
nobody gets king points so maybe the machine is just down
Maybe someone removed the whole filesystem?
@south pulsar you are also on the machine?
I would've seen it in pspy right
wait let me check
RIP
Lol
which one ?
panda
ofcourse
Yea I don't think matheuz would've ran that....
Are you sure the machine hadn't ended on that machine? Normally when the machine finishes it automatically turns off
no, after it was reset I could access the new machine, so that match wasn't expired
and all my shells terminated, so it wasn't an earlier session
id was 103315
This is normal, if you reset the machine after an hour it has to finish lol
If you were on a machine and it was reset, it has to be turned off for a new IP to be generated, and when this new IP is generated, time has passed. Even though the session continues, after 5 minutes or so (depending on the machine, as there are machines that turn off instantly as soon as the time runs out) it turns off.
No, I reset it after I lost connection
it wasn't reset, otherwise I would've seen a popup in the browser
but I won anyway so it doesn't really matter anymore
either someone who was on the machine shut it down, or someone also clicked to reset and turned off the machine
I have no idea why I wasn't on the machine much less connected to the VPN so I don't know
would you please not ask this kind of questions on the wrong server ? I've just got muted for 24 hours because I was trying to point you to the right server. Just ask the question where the problem is not on the competition's discord server. I wish THM staff would be so fast in taking actions on koth reports ...
how did you get in tyler machine ? via port 6555 ? because that is a chroot
no
i don't remember how i got in but i didnt use that because i couldn't get king with it
when i got in i was king for sometime on the website then what happened happened
I suggest reporting this ASAP. This is not only against the rules, this is illegal and considered a hacking attempt against your VPN endpoint. At least I consider it this way, and I would not let the offending IP go unpunished. It's one of the reasons we use OpenVPN and the AttackBox: to have private IPs so anyone using them could be tracked inside the THM network and pay for this kind of irresponsible action. Some IPs are not changing unless we switch servers, but even then everything remains in the logs.
I’ve already solved the issue and need no further guidance, thank you
Gave +1 Rep to @young bramble (current: #1071 - 3)
you can see here
in the img
@young bramble
its not the first time i play that machine 🤣
Ok. Just wanted to check if it was that chrooted folder.. sometimes confuses users... docker too. It must have been a glitch/bug then. Or maybe the browser did not refresh the page even if you were king (happened to me), or maybe Arnout used F11snipe's technique to put his name in the last seconds of the minute and put back your name after a few seconds
I tried refreshing many times cause it was strange, and I used ps aux and mount to check if there was a folder mounted on top or a process that was hidden with mount
did you try to open port 9999 of the machine in browser or in "curl http://<machine_IP>:9999" to see if koth service is responding with your name or his ?
I never played koth before. Like, I am pretty good with linux and some tools, is it hard?
No, not that hard
Like how do you get points?
just some machines like hard and windows in windows i don't know many tricks to protect king i only use attrib because icacls break the permissions
every one minute king = 10pt submit some flags and you get points
you put your name in file /root/king.txt
the harder the flag the more points right?
like all i have to do is just enter on the machine and do that?
yes
you cannot just enter 🙂 some machine have dirrect root access but most of them you need to get a foothold and the elevate privileges to get root.
that's confusing, what rooms / pathway would make the koth after i solve them
nothing to do with paths
There are a few rooms that help with KoTH
by any chance you remember the names of any of them?
thank youu
Thanks for the advice, but sadly the requests were made from the IP of the target machine, so reporting isn't going to help.😢
Gave +1 Rep to @young bramble (current: #872 - 4)
I've discovered a flag in fireworks, but it says its incorrect, how!?
I don't think, it's a good idea for me to share how and where I found it so where do I report it?
and, what makes the find I found flag is how I found it.
@timber vale how are you in a machine 2 minutes after start?😭
know them well 🤣 i make my commands ready, when the ip gets out i run them, if they need just curl 🤣 always ready before the ip❤️
Damnn
@light flame I would suggest making a backup copy of /bin or certain binaries , renaming them, hiding them somewhere, and adding a chattr lock to them.... Although this is still easy to find and remove, it may help you if someone decides to rm -rf / ....
I had enough backup bins, so that was still possible, but just if I should report or not
doesn't matter anymore because the machine is reset
Well I mean you can but it really won't stop them or an alt account from doing it again.... And from the screenshot it looks like you didn't backup some essentials.... Or if you did you could've used those instead...
I could use echo to write my name and a chattr backup, it wasn't mounted otherwise I would've been done
found flag not working on fireworks, report where?
or is it a rabbit hole?
or do I need to do something with the THM{<hex_string>} "hex_string"?
Mhhh isn't it an idea to open KOTH only for people with rank 0x5 or higher? That lowers the risk of people making alt accounts, and as the bar is higher, unlocking koth feels more special than having it already when making your account. So there is a chance more people are trying it.
This is probably already discussed, but I was just thinking about it.
there are new people constantly joining that have experience, maybe coming from other platforms. they also have the right to play koth and can compete
Yeah I guess that's why
Is it allowed to remove a subdomain on a koth machine if it reveals the id_rsa key? Shrek machine in mind
I don't know, but I would just change the public key
If I remember well there's an LFI, so don't touch the subdomain and just patch the LFI
I was telling you that reporting is the only way of stopping this. attacking or starting recon on your private IP (your vpn endpoint) is forbidden. No matter if it's done from the IP of a koth machine. It's even better because the number of attackers is reduced to those participating in that game, plus those who saved the IP of the machine. The important thing is that he connected to the koth machine from his own private IP that can lead to his account just by investigating the logs. But there will be no investigation if you don't report.
Yes, the format of all the flags I found on Fireworks machine is this: THM{32HexChars} ... I found 6 flags. I don't know how many are there
13 King Changes haha😂
Ur dirty @timber vale
I meant u are pretty good, so fast in Carnage, got king then used chattr on it, made chattr unusable, made /root read only mode, i don't even know how to do all these things 😂
i have my own chattr 🤣 i don't think the machine chattr works, i didn't even delete it, i bring my own 👍
what is your username ?
were you accusing me of something ? 🧐
No lol it was meant as a compliment 😂