#koth
im there
inside
com
come
I don't know how I get inside the machine
I started just now
reading writeups
yeah, I gain a lot of knowledge in koth too. It's my 2nd week of playing koth; I will just try to get 101 wins, then stop for a month or 2 months cuz I will do some quests after
metasploit or searchploit
It's a machine which has Windows OS
@civic vortex sh-4.2# sudo systemctl restart sshd
Error: No space left on device
Warning: sshd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
I have faced this for the first time. What's that?
not sure
just try systemctl daemon-reload
Are you inside?
secret
I know you are always inside
and playing with opponents not with machines
π€£
yeah, I don't like to just load my stuff and set king, then go to another game
you came using tigress?
@civic vortex
root 2105 0.0 0.2 156700 5572 ? Ss 03:28 0:00 sshd: tigress [priv]
tigress 2123 0.0 0.1 157028 2768 ? S 03:28 0:00 \_ sshd: tigress@notty
what does that mean?
tigress@notty?
maybe some leftover connection
just asking tigress@notty means
it means an ssh session connected with the -T option to not spawn a TTY
you can use man ssh to see the difference
Thanks for it
Gave +1 Rep to @civic vortex (current: #491 - 10)
By the way, I know you're always inside the machine
Just waiting someone to do first move
I'm done, see u next time lol
In 2 weeks of playing koth I enjoyed it
So this is the ctf I am curious about; at least I have ideas now
Thanks to those people I DMed when I needed an explanation; the community is helpful, also giving some motivation
Waiting for you brother
Bro is tryhackme's todayisnew xD
yeah thats funny
first time i have seen a lobby full of players
they play bulky for resetting i think
and they all left in the last 30 seconds and joined another game in 30 seconds
Yeah all accounts are owned by -> https://tryhackme.com/p/Tarvix
But I guess its a fake account too
I'm thinking the same
And on the tyler machine they own the machine and closed all ports, only port 9999 is open, and we can't reset because we need 5 accounts to vote for resetting the machine, and I thought there were only 4 players that play the game but in the lobby there are 10
and now king is Travix
yup, some Anti-societies want to win games with fake accounts
Yeah you are right
but he is afraid of you brother @civic vortex
nah he joined again, he just copied invite link and left lol
what a weirdo
by the way, I have copied the link to the game too
and there are only 2 people there, you and him, but there are 6 accounts
I think we should fight; he has 5 accounts so we also need 3 more accounts, then both teams will control the game
nah, it's a meaningless fight, he has 5 accounts so he can always reset
I'm just gonna watch what he's doing
if I join and call 3 more persons we will also have 5 accounts
it will be equal
yeah, that's right too
so you are making a honeypot for that bee
I tried to hunt that travix and his dummies too; they joined the room I created and left me alone when the game started
Imagine he put so much effort just to win lol, bet he is using the Firefox multi container extension so it's easy to set up if you really want
But he solved boxes in each account because it's all the same 0x4 level
who cares
no one is paid here for solving games
@civic vortex I saw you for the first time resetting the machine
is there no way other than ssh for shrek?
yeah the machine crashed
No, it didn't crash by the way
I closed the doors for you
but you just broke the door
This time IDK
I've just played for 5 hours. So I just go. Bye brother
Is closing the ports allowed?
I mean closing door by changing ssh port
Not closing the port brother
It's just like riddle
I was already in the machine then it crashed, confirmed by couldn't ping it
Don't go on words. Feel them
IDK about it
it's an old machine anyways
you can reset again
no big deals
nah, it didn't crash again
maybe my persistence script conflicts with your actions
IDK but after resetting the machine I don't do anything
how is it even possible
maybe your VPN was freezing at that time?
welp it only happens on shrek and hogwarts constantly, not my VPN issue
Anyway, leave it, I have to go for dinner. Bye
lmao @alpine quarry rebooting the machine again, haven't seen him for a long time
He is playing 2-3x a day but at different times
When you're all asleep hehe

Didn't he know you're there?
Lol
Anyways, I watched masco's YouTube before when I was new to playing koth, he is good
I would just recommend h00dy's or matheuz's
I watched them also.
Hoody's 3-4 exploits in fireworks do not work for me, I cried and scratched my head
Fireworks is such a weird box but it's challenging
Fireworks changes.
Does Fireworks have that mechanism for automatically generating boxes with different paths? I think this functionality is in business right?
Fireworks does load up different "settings" yeah, but even then I think it's 2 or 3.
Oh, I understand
firefox is really good
better than chrome
It was 3 iirc
what is this? new room?
bro is just farming here
nothing to gain by just spamming boxes.
it gains the feeling of power and being in control
have you heard about satisfaction
this morning we had a 1v1 and you destroyed me, I learned a lot and I enjoyed it, thank you
Gave +1 Rep to @honest beacon (current: #1494 - 2)
I had root for 20 sec I guess
now I'm learning to draw filesystems to read-only faster than my gun
yeah you are right brother
but, at first I just tried to solve and patch the machine fully, like changing ports and so many things, and created so many things. But, for now I just have 1 script that kills tty sessions, and you can always bypass it using ssh -T username@ip, and as all know I don't use LKMs, so if someone is inside the machine he can beat me. But, I think this helps them to learn a lot when they play against me. I just give them a chance; I use chattr only to protect king nowadays. So if someone just uses walkthroughs they can't understand the concept until they face some problems. If someone thinks "someone is killing my shell every time", then that person has to think that he also can kill his shell, or try to find another way to bypass it. So, it's just helping them to understand how things are working
I remember when someone changed the password for a user, so I decided to learn that thing, how to change passwd. Someone changed ports, so I just made a script to change the port, and I just understood concepts by playing that only
by the way, I'm not spamming games brother. So I play up to 20-25 games every day. So I will think about others and will join only 5-10 games a day and try to keep the machine as natural as possible
It was earlier when I thought about the leaderboard. But now I don't play for the leaderboard. Just play to learn. But, sorry if you think I'm spamming.
And also thanks for it.
But do you know a thing. If I stop myself from joining those games, the lobby will be closed due to insufficient players. Because everyone knows if I am inactive then other persons come and join every game
so nothing will change in my opinion
but, thanks for making me realise that. From tomorrow onwards I will just join a maximum of 10 games a day instead of 25-30
That's great brother. Keep growing
Solve thm boxes guys
Thm will not listen to your rants
If you paid, come and join me to solve this new box K2; I'm almost drained and 24hrs solving but I'm on my way to finish

That's my first best defense 2 weeks ago when I was starting koth. You will learn each day.
There are a lot of resources over there to read; before I started playing koth I always read 5 sources that I saved. Also there are people here that will help you understand.
I saw you when I was new here in the koth channel. We had the same rants before, but don't be discouraged, just play and learn; they will get tired, so in those hours you will practice and enhance your skills.
You're so good now bro
@fair adder also we're the same, before I also got pissed off. Like what the heck, these guys are like bots. I tell you, you will not be as good as them but you will learn pretty soon some techniques that you can use.
Gave +1 Rep to @fossil helm (current: #2255 - 1)
Well, just wait until they make all the machines like the fireworks machine, that would be interesting and fun to play. THM koth is still beta but no offense their beta takes years
Take the chance to play against players using rootkits to learn more (if you want)
It's good when you play against good players, you try harder, and you learn more things by researching
did you play against me?
I never used rootkits
I just use chattr at maximum protection for king.txt
and sometimes I just don't use it too
But, if you think about why your terminal always got killed, then you will grow. This happened to me earlier but then I realised how to play against it. So now. Until corona comes we don't know how to face this situation. So, believe me, if you really wanna face this and do some great thing, you have to face a lot of things and find other ways rather than blaming. I know you are right brother. KOTH should be improved and have some restrictions too. But, we have to play as it is because it doesn't give restrictions. So we have to face this to become good. No one knew me 40 days ago and even Thinktwice is new. But we both have the same concept: Learn by fun. So we just learn new things every day rather than blaming anyone
But, if everyone is not using rootkits, then it should be improved. Because in my opinion rootkits seem like cheating. According to me we just have to patch the machine, not make the machine ours by rootkit. But, still, who cares, Tryhackme never reads feedback. So we have to play as it is
You can count on one hand which Koth players who are still playing this game today use rootkits
and also count the number of games played by them too brother. I'm not blaming anyone but most of the games are played by only 5 persons nowadays: me, trevo, ch1, bravosec and thinktwice
the joint victories of all 5 are 136 victories and all other players have 20 victories
and this data is of only 4 days
So just think how annoying this is for new users
even they are scared of joining public games
there should be a limit
in my opinion
I have given them so many suggestions at that place 30 days ago. But, I think either they don't have time or they really don't care about it.
if you are a moderator please check out my suggestions and think about them. The things you think have to be changed, just change; other than that leave it.
In the world of kung fu, speed determines the winner - Bruce Lee
@honest beacon you know it
Maybe when THM koth was new to the public; I saw videos and streams 2 years ago, yeah they enumerated and aimed for flags, so enjoyable to watch.
But now, what Bruce Lee said is applicable to that ctf koth
So, we have to take a break or give punches to opponents until they surrender.
But, in both cases nothing will change until the Tryhackme Mod team does something
On ch1, I reversed his rootkit and made some notes on what each one did; I also recovered the original .ko with all the source code
like this
I just wouldn't share it because I think it would be a mistake to do so with his rootkit in the koth chat, but I did a good analysis out of curiosity.
in the world of koth, it's all about speed
just make a variant and share jk lol
She : How much you can do for me?
He: I can own 10 accounts for victory
Travix: My efforts for winning. Created 10 accounts but, just a bit late, so only 7 accounts joined.
ThinkTwice : I'm lone wolf
why do you guys use more than one account, just play the game the way it's meant to be played
tarvix is a bot, the 10 accounts are bots controlled by a single person, which I really wanted to know, why this is not normal lol
yeah, we talked about that guy a while ago lol
i am expecting he will reset
but he didnt
lol
me too, just waiting for him to reset. Then I will report them all
If he is resetting against me, then he has to reset every minute.
So should we start a campaign for making the game better?
like creating #koth-Campaign etc
If everyone raises their voice we will win.
I just tried alone every time, reported them, mailed them. But, who cares
Anyone is with me ?
So guys about this, I decided to share even if ch1 gets mad, at least to be more balanced against the other "normal" players, at least to let them know what ch1 does with his rootkit
And the summary of what some of the functions do
bruh c'mon u revealed the important part...
Let's keep everything balanced, many don't know how to create rootkits
I talked to a few people, and for other players with common techniques, I think it would be cool to let others know what they are dealing with, even if they don't know how to create rootkits
the module can be reversed and his secrets are revealed right... it's even possible to get the full plain code
Yes, the kernel object that was leaked by that guy had anti reversing techniques, so I did (anti) anti-reversing and managed to recover the kernel object without having everything nulled
Do you think I should delete the kernel object and just leave the txt?
exactly, u leaked his kit
yeah, that's the whole point I'm saying lol
sure
Nah, I haven't played a Koth game in a while, I only played a game a few days ago against that AI
if everyone has lkms koth will be a game of speed
And you think koth is currently not a game of speed? let's be honest, 59 minutes of king time on each machine...
This happens with other players too, in fact, it doesn't change anything
at least I'm trying to make the game more balanced, at least so other players know what they're dealing with and make their techniques stronger
still, players mostly use basic tricks; if everyone gets the power of lkms it's no fun anymore
well, I used LKM but mine was easily broken by many players
and do you think it's fair to play against an LKM that normal players can't even know what they're dealing with? just giving free win
yeah, u are supporting, but it's also kinda harmful for players with lkms lol
well, players who use LKM are already at an advantage, so I don't see a problem balancing that
That's why I never use LKMs
I'm not talking about other players, but ig leaking literally the best technique possible (of another player) is bad for that player right...
this is just the txt of what each function does, you asked me to delete the kernel object with the src, and I did
I've spent months writing my kit for koth... and what's the point if someone else copies my code lol
if someone can create an unbreakable lkm then he can again create a more powerful lkm
It's not a question of copying code, it's a question of balancing the game and others knowing what they're facing, just using a rootkit gives you a huge advantage
yeah man, it's all good, I'm just telling... LKMs are OP in koth games... so ig it should be limited for a while
yup
but the point is, is LKM legal? I think it's cheating. We don't have to change anything, meaning removing or adding binaries, except chattr. So how are LKMs legal for KOTH?
well, if u look at it in a broader view, it's a skill issue of the players without kernel knowledge
well, in koth's rules it doesn't say that using lkms/rootkits is prohibited, but on the other hand, the purpose of a rootkit is to change the default behavior of the system to what you want, whether by hooking syscalls or hooking wrapper functions
yup
so it's just changing the whole system. So why is it legal
Yes, but the rules don't say they are prohibited, that's the point
I thought if I showed what the rootkit does, maybe players would have other ideas to make games more balanced
Does a beginner even know about rootkits
No, it shouldn't be allowed in my opinion
Definitely not
That's why koth is only for intermediate level players and above
not for beginners
lol fr
I mean, for you to play Koth your account needs to be at intermediate
Yeah you are right but rootkits are difficult for intermediate players too
Yes, I also agree with that, creating a rootkit is difficult even for those who know C
That's why I thought it would be cool to at least show what the rootkit does, so other players know what they're dealing with, to make it more balanced.
But, if rootkits are not allowed, then the game will be more interactive.
it will definitely be more interactive, the point I want to make is that it is not in the rules that it is prohibited, but on the other hand, playing against good players like ch1, and others who have rootkits is good because you can research and understand more
search for other ways of breaking a rootkit, @broken pilot is one of them, the guy breaks rootkits out there
Anyway, I think that's it, at least to make it a little more balanced, giving at least the minimum chance against common players
Here's my perspective on this, lkm's are very op and they force you to learn something new. I enjoy the challenge of trying to figure out a way to bypass them manually. But I can also see the perspective of newer players also, it tends to be a little unfair if you spam every game with a lkm.... Sure use a lkm for experienced players, but there's really no need for a lkm when you could beat the player with a simple chattr lock... 59 mins king for most games played using a rootkit does not show skill, in fact I believe that if rootkits were disabled for newer machines then some players wouldn't be able to farm the wins anymore and actually make it a fair fight... It would actually make koth more fun if it was a fair fight. Sure in the wild there are no rules like what koth has in place and you would need to know how to protect against lkm's or at least know how to detect them. At some point hooking everything that could potentially bypass a lkm for KOTH could be a little unfair and players may resort to playing dirty or breaking the rules...
Damn, I slept about 24hrs
And i read it all
But ch1 is hard to defeat in speed
He set up everything just like 2 clicks and boom
Here you go
Oh yes, ch1. I had dropped this LKM once in one of my last games on a machine to test if it worked, but in the end it just broke the machine so I left it aside
I accepted already the fate of koth. And THM is not doing anything about it, I accepted that also lol
Btw, anyone who wants to look more at the code, to understand how koth's rootkits work, feel free, it's cool to find his secondary account on the thm server too
btw it works
that's how koth is really equalized
just plug your username in there
Fr
Anyways, I will still use what my source made because he explained to me what I need to know
Ch1 uses autopwn, every game he spends 59 minutes in the game, so if you enter before him, and disable module loading, he won't be able to beat you
yeah, it's true, cause even if you root the machine fast you will be unable to write on king
ig he made that kingkit?
just skids
yup
@obsidian lark is good too at making ring3 rootkits
he told me that he doesn't use it, he is just ready for all commands
all in one xd
well, if you combine it with sshpass and add all the commands you can even
I also started my rootkit, you already know XD @steep agate
Oh nice!
but not that good at hiding processes
I'm helping a friend of mine's snapekit to make it more stealthy
Coming from mtz @light flame I agree
I don't wanna use it on koth; I also love to learn from other people what they are using rather than using mine, it will be a time waste if u load it & make it stronger
Maybe I'll do some ring3 rootkit projects for Windows, although I've been really enjoying seeing content about BYOVD in the last few days
vulnerable driver
I need that ring3 in windows
yup
damn nice!!
@civic vortex I was making one for Windows
ring3
From what I saw, it was incredible
it's very cool
got 600 points in only 21 min in a machine lol
I only used attrib, nothing extra, still
Yeah, bravo always wins in windows, also he is knowledgeable in windows
Windows is very good, I like it, exploring AD is very cool too
Speaking of AD, I'm getting ready for CRTP
all the best !!
try using icacls, it's good too
ik but I don't want to
sure
how did my friend get a free thm premium wtf
I just fell in love with internal pentest AD pivoting lateral movement
I really like it, I passed the CRTO using cobalt strike, full lateral movement, and common AD exploitation techniques
Took me 24hrs to do that thm new K2
But I admit I read write ups, started in the middle camp
bloodhound is very good, it's a shame that in red ops, or in real life, it makes a lot of noise, the SOC will clearly notice, and will take away your access/network
but it's cool to train and learn
about AD, you would learn a lot in vulnlab
This chat is veering off the channel topic...
Oh, okay, sure
Yeah, hopefully I can get crto too
Anyways go back to KOTH
Of course, well, my old code is there, I used it in my last game to see if it worked, but from what I remember some things were breaking, if you want feel free to study it
The kernel object of ch1 is also there, just throw it into ghidra and analyze the functions although I made a summary
If you guys have rootkits already, be sure you're as fast as ch1, or else; a lot of players also are fast
In the world of kung fu, speed determines the winner. - Bruce Lee
New motto of KOTH
to be more balanced, of course, if ch1 loads his rootkit 25 seconds after the game loads it gets a little complicated, so you have to be faster and disable LKM loading using `sudo sysctl -w kernel.modules_disabled=1`
for that you have to be faster than him
Even I wasn't that fast
he just enters the machine & waits for approx 3 sec, then he becomes king
this is not skill
at that time also u will not be able to write
Imagine in SpaceJam I can do it in 10 seconds only, even 7 seconds I guess
But ch1 is still the winner
Lol
Imagine that how fast he is
there must be a command ready or a curl for that ||"backdoor" on port 3000||
Anyway, if you disable kernel module loading, he won't be able to beat you without LKM
mine is bad, please share some notes about yours after that
there are some bugs :/
the hooking method is bad
will see how you do it
It will be ok, bugs can be fixed
okay
I have a friend who is very good with ring3 rootkit for windows, he developed one a while ago
I've tried it before but it didn't work, will take a deeper look at it
ahh actually mine uses the Detours lib too
Nice, this lib is very good
I only use your tutorials in windows and I add some ideas to maintain my presence in the king, but still not enough against those knowledgeable in windows machines
who are you hahaha
you and @steep agate are both heroes of other people here
for a long time they ranted about it lmfao
but ch1 is faster than brucelee, then good luck to those who will use 
there are only 4 machines where you can beat him, but he is not playing there also
is ch1 a second account of him
it can only win on machines that have LKM compiled
ohh @gritty linden what the heck mah G
i see
true
he played sometimes
times back I already made him lose there
tbh, if someone released a koth LKM source code so that everyone no matter the skill level can use it, people will just autopwn every game in order to be the first to implant lol, good job @gritty linden or whoever you really are
he is ch1
why do you think it's him?
mtz said a while ago
but idk lol, maybe and maybe it's not him; he said he will be having 10 games a day starting tomorrow
but weekends he will grind
mah G will be busy in school
I'm gonna play max 5 a day too, need to prepare for my certs
you guys should spam in every game so I will not be tempted to play, I need to finish the red teaming path this week
nah it's boring for me
the biggest joy is to look at logs, but not many experienced players are playing recently
you're just letting others do the king while you're watching them
yes
so that I can log their IP, username and behaviors in my DB
you are great
jokes aside, this lkm works, just plug your name in there and compile it; it didn't even compile before but it got fixed
it also still needs some hooks cuz it's bypassable; you can see what's missing from this other rootkit and implement it
is he

Enjoy, and look at the functions of the ch1 rootkit, use the ghidra decompiler, basically just implement the functions of the ch1 rootkit on my old one
I had already given you the sample without the anti reversing trick, you must have already looked deeper into the ch1 rootkit; in fact, it cannot create one for the current kernel
yeah true
It's literally what he uses in every LKM spam game
Yup
By the way, use this code as much as you want, I'll even help make it stronger, I really don't care about koth anymore, if I can help people I'd be happy
yeah, we all can help by pinging admins every day
we have to tell them to change rules like limiting games per day up to 10 or like that, however much we want, and if someone is joining another game then it shouldn't add them to another game until that game is over.
brother, I have told them already there. They don't care too
it has been a month but nobody replied
I don't think that is the best option, that would just create more alt accounts. I don't think lkm's should be against the rules either. In fact I would argue that they actually helped me learn more. But maybe the possibility of some newer machines, where the ability to load kernel modules is disabled by default... That could actually help balance out the games. Idk just brainstorming...
I only knew rootkits before as a virus on my pc, but when I played koth and also when I entered mtz's channel I slowly understood the use; also it can be used both for danger and for fun (educational)
I don't think LKMs should be allowed in. Well, if "Pros" want to have fun games and use LKMs, why not have their own categories ig. The downside of allowing the rootkits is when a newer player joins they are not going to have a good experience; learning aside, frustration is not a good thing.
It should be played how it was designed to be just sayin'
That's the problem cuz koth now has fewer players, even no opponents
It's caused by rootkits and using autopwn Sir.
when a newbie tries, ofc they gonna look at writeups.
50/50 also machines are old and the same aside from fireworks
It's happening the same as htb bg, slowly fading away to improve it.
It's a game and a game should be fair.
Yeah that is why thm should do something on it. Newer machine
Newer Machines* + No Writeups + Fair games + More content.
Tiers for the users might help
Easy - Hard
So OGs can have fun with rootkits while newbies can work around to learn KoTH structure.
Or remove all the old machines disable loading rootkits.
This is one of the things.
Well, a lot is learnt writing rootkits, but it's still bad for the person who just started playing for the first time.
There are a lot of changes that should be done; thm should think about the pros and cons to make koth fair
Looking at the current state of the platform itself, the company is putting their best work into making more updated and improved content.
So fixing KoTH right now is kind of a hard side.
As the community is also pushing rooms onto the platform for the public, it makes it a lot harder to manage stuff.
I and many other players have already made themselves available to create rooms completely for free, but the reality is that koth doesn't bring "money"
for business, it doesn't make sense
That's the point.
It doesn't give both user and platform much, other than the user having fun (which not really) and the platform having a user base for KoTH.
yeah
It's just a "feature"
I believe this is the best choice in keeping the game alive
It shouldn't be allowed, to give everyone a fair chance and not give anyone an auto-win button
okay, but everyone joins for the leaderboard in my opinion. So, if games are limited, then players play fewer games and new players start playing again.
If your forensic skills are not as good as @civic vortex's then good luck looking for rootkits like ch1 is using; Bravo did not learn it in just a month. For those beginners like me who will play koth, just enjoy looking for flags and practice exploiting the machine, or avoid playing koth until THM does something about it. Better to pwn those boxes in the CTF category or do a THM path.

Guys should join @steep agate's rootkit research server in his profile description, it helped me a lot with rootkit forensics
For now there's nothing we can do, koth is being played that way.
How to play
Join a lobby with up to 10 players
When everyone is ready, you'll get a machine's IP address
Enumerate and hack into the machine
Add your TryHackMe username to /root/king.txt
Patch the machine's vulnerabilities to maintain your access
The longer you're king, the more points you get
Hunt for flags around the system for extra points
After 60 minutes, the game ends
Rules
To prevent cheating and ensure this game is realistic, everyone must follow the rules:
The machine should not be made unavailable (shutdown/reboot, firewall/iptables rules to stop all communication, all services terminated, machine botching etc).
Only stop a service if it can't be patched any other way. Services should remain available for "genuine users of the box" if at all possible. Changing ports of services is allowed. (Try to keep the machines in as original a state as possible.)
No modifying/removing flags or their permissions (if any flag is everyone readable, it should be left like that).
Do not attack, modify or stop the service (king/KoTH service) on 9999 (this includes a 'KoTH' binary placed by default in /root and things like changing service locations.)
No DoS of any sort against the machine.
No attacking other users (you have no reason to attempt any recon on any IP other than the one given to you on the game page).
Scripts that automatically hack(autopwns) and/or harden the machine are forbidden.
Do NOT delete system binaries (except chattr) or change executable permissions on them (or their directory).
Using alt/dummy accounts to control resets is not allowed.
Resets should only be used if the target has been broken or otherwise rendered unusable; resets shouldn't be used to prevent users from gaining access.
If one vulnerability is patched then don't spam resets, there are 4-5 methods to gain a foothold in every machine.
Games are moderated, and failure to abide by the rules will result in a game and/or site ban.
Nice! The idea is that, to help people who want to understand more about rootkits, share research, ideas, content, codes, tutorials, etc.
or make a room in THM. A walkthrough on Rootkits by Matheuz.
sheesh xD
It would be a good idea, since what I see most is people teaching how to use chkrootkit and rkhunter
@near lily
Lets gooo
chkrootkit and rkhunter are obsolete, it's a joke when it comes to getting even minimally decent rootkits
?
it would be good if you submit a room entry here in THM talking about beginner to intermediate knowledge in rootkits
i totally agree with this
not only about that, but how to detect some malware would also be cool
my advice: u focus on kernel based rootkits to detect, it will be better than userland, cause userland rootkit bypasses are already shown on many sites but not for proper kernel based rootkit bypasses; create that and it will be too good
Question: I have a stable connection in the beginning, but once a player gains access to king.txt I start getting disruptions to my ssh connection (freezes). Is this not against the rules (blocking a user with a firewall or some other method)?
This has already happened to me, but it wasn't because of rootkits... it was my VPN
yeah
Hmm.. I'll monitor my VPN then (I'll ping another IP on the same network to confirm it's not a VPN issue).
this would be a long and interesting walkthrough if ever @steep agate makes a THM room for it
my honest answer to his curiosity
Is this from DM's or another server?
koth
Maybe I'll do that, it would be cool at HTB because they pay in dollars there, and they pay very well
but it could be at THM too, a room like that would be cool, I don't think there is one
if you search rootkit, there are rooms popping up but I don't think they explain rootkits well like in your dc channel, so it's better if it comes from you who focuses on it.
Yeah brother, waiting for that
yeah
Most of what I see is just teaching how to use rkhunter and chkrootkit lol
can you provide links for good one.
this ch1 guy never gives anyone a chance
You can play now i told him to sleep
he is flash for a reason
@steep agate https://github.com/Trevohack/R0DDY
Oh nice! It looks cool, but from what I saw in src, it doesn't work on kernels above 5/6x, there are some functions in it that make it impossible to use on kernels like that, but congratulations, good project
yup i mentioned it only works for 4.x kernels
oh, okay i see now
imagine using roddy to @obsidian lark later in koth
im faster xD
run barry run
imagine saying against ch1
I will send it here anyway
nag dont leak
I will leak

Aww now I'm verified -- I didn't know how to get in here
You can find Ch1 in this group.
#koth-voice-chat
Ask him what tools he use in KOTH.
He was active till August.
just lkm rootkit
@fast galleon
How we doing?
just use sudo sysctl -w kernel.modules_disabled=1 very fast
oh we sucked lmao
because basically he rooted and loads the lkm rootkit in 30 seconds or less as soon as the machine starts, so you will have to be faster and run this @plush jetty @fast galleon
Potato, I used ms17_010_psexec on 445
We should be very very fast then.
yeah
it does all this in a matter of 10 seconds or 20 as soon as the machine starts up, so you guys will really have to be the flash
i was trying get in through LDAP.
Got credentials, didn't know where i can spray them
I'm going to go out and try that way -- I am not as familiar with using LDAP
I need to read my ejpt material again sheesh
Or we need to reset the machine whenever ch1 enters, then disable the kernel module just after that.
Thanks! I'm nervous haha
It could also be lol, or else you literally have to be the flash, because literally as soon as the machine starts, it doesn't even pass 15 seconds properly, and it has already loaded the lkm rootkit, so you have to be faster than it, to disable module loading
Or we should keep DDOSing his ip until we get into the machine.
Nah, that would be against the rules
Break the rules for those who are breaking the rules.
were you able to get in via LDAP? I couldn't get it
Who is Ch1?
He set the King almost immediately and I can't find anyway to modify the king.txt file -_-
He is the THM server owner.
I'm not seasoned enough. Am I able to stop this next time without tools like rkhunter and chkrootkit?
rkhunter and chkrootkit are easily bypassable, and they also only detect by patterns/rootkits that have a signature in your database, and that are known, they are obsolete tools, not recommended to be used nowadays
Thanks, I appreciate the insight. Do you do videos/streams or anything? I'd like to see how to deal with a rootkit on THM KOTH if it exists.
Gave +1 Rep to @steep agate (current: #117 - 63)
Yes, I have a YouTube channel where I've made Koth videos, and there's also my discord server focused on rootkits/malware
He is not breaking the rules
It's THM's fault and they didn't do anything about it
I will tell you in koth how to deal with him
In koth only.
Do it as fast as you can, 3 seconds
If you cannot do that you have no chance against him in 6 machines
This is useful against other players but with ch1 this will not work because he can load his lkm in just 5 seconds.
Just read the github of @steep agate a lot of tips there for koth that may lead you to win in koth
WITHOUT ch1 lill
Lol
And w/o @obsidian lark and @civic vortex
Yeah THM should add this restriction in rule as well.
hop in public lets play i will not use rootkit
@civic vortex has joined so that's a diff story
nah im afk
still need some hooks but you can work with it
also some hooks there need to be fixed
@steep agate we need that rootkit room already buddy! I have a feeling it would be fire
@swift laurel you are killing me mate
Ahah I was having a good laugh
you sure did! Got king and everything. Doesn't get any better!
I just killed your process when I noticed you robbed me of king lol
and you changed the passwords.
I removed the pub key from authorized_keys but didn't change any password
thanks for the explanation.
learned a lot
my pleasure
DM?
Feel free to do so!
yeah
But if ch1 does load his rootkit 10 seconds after the machine starts, then he basically uses autopwn?
There is no machine that he can root in 10 seconds, the fastest machine to root is Tyler if I remember well because it's basically rce and oneliner privesc
I disagree he is experienced player already
THM just said the machines have 3-4 vulns
u can get into a box under 10 secs
Like which one? I don't remember any box like that
Yeah I know lol, I did them way before ch1 but as I remember (if boxes didn't change) there is no box that u can root in less than 10sec
try to exploit other ports
Get into yes, like Tyler but not root
Uh?
But we are not talking about ports lol, I did all thm machines and exploited every vuln that they had, I remember which box was the fastest to access or root
So like I said, either he's using autopwn or boxes changed (or a recent exploit can root them all, like regreSSHion but I don't think so)
prepare everything and when the clock starts
he is weak on 4 machines, but idk if that is the term; maybe if he learns those 4 machines he will surely also win there
i am relatively new to CTF and cyber security.
I just played KOTH and people seem to root the machine pretty quickly. while i am struggling to get a foothold.
is it just pure skill and practice or are there any tools/scripts?
It is common that it takes time to pwn machines in your first 50 games
After that, if you take good notes, you can just copy paste from your snippets
Because you dont want to do the same thing over again (Except copy pasting)
At this stage, the main thing to focus on is the techniques to defend king and remain persistent
Some people just copy commands from others' writeup and spam rootkits written by others without knowing how it works, which means they gain nothing but hollowness
Thanks @civic vortex for the clarification.
i was really puzzled how fast some players captured the king.
now, i know that I have to practice more.
Gave +1 Rep to @civic vortex (current: #460 - 11)
Another guy who is breaking the rule lol
- Game : https://tryhackme.com/games/koth/110209
- Player Profile : https://tryhackme.com/r/p/ThisizAmen
- Username : ThisizAmen
- User ip : 10.17.122.117
nvm he doesn't know the rules : V, but looking at rules is a must before doing anything in real life tho
I was once same as you about a month ago
I keep researching, also i spent 1 week solving all the boxes before
The h1hard really gave me a hard time; until now i can root it but it takes me time
practice and research
I realized after all the losses the clue is just right in front of me, reading the how to play
Same as others here, i was really pissed off at ch1 before
LOL he still does it after reset, cringe
Imagine you doin enumeration then someone is the king already and you cannot do anything about it.
i was playing the previous machine. suddenly the machine returns 403 error.
cheating 100%
That's why i read the how to play and I understand lol
I talked to ch1, he also experienced the same as us before, way back when matheuz and others were playing. Until he did some steps to improve his playing lmfao. i can say he is not using autopwns or what but idk maybe who knows.
As far as i know he is just preparing everything
Bro's desperate
I thought there was nothing worse than what Zypra was doing, making dummies to invade the machine and abusing the reset until he wins. But there is still something worse
i was able to capture the king in "production"
and I commented
#skidy ALL=(root) SETENV:NOPASSWD: /usr/bin/git *, /usr/bin/chattr
so other players can not gain root access as I did. that's not against the rules. right?
Its fine
how do we get the solutions for the koth we played?
There is some "writeups" around github.
Nothing official from THM, as where would the fun in that be?
when you 1337 them
That should be fine.
Google is your friend otherwise @stiff egret is:
||https://github.com/holmes-py/King-of-the-hill||
I wanna start trying out KOTH what rooms should I do to get an idea of what to do after scanning the targets
Other than the obvious metasploit rooms, I'm looking for more techniques
I would suggest studying the Lockheed Martin kill chain, and generally speaking, following the learning path roadmap, however, the choice of how to proceed is yours.
im waiting for you to get the king. i am @civic vortex 2.0
jk lol
nah I learnt that from matheuz and f1nipe
call me matheuz 2.0
call me mtz 5.0
good game
Thank you very much I will heed your advice oh wise one
Gave +1 Rep to @true valve (current: #696 - 6)
who is 3 and 4?
Lately they're inactive i moved my place into 10th lol
I'm so poor in forensics, i'm trying to read some articles from mtz's dc
3 me
https://github.com/MatheuZSecurity/detect-lkm-rootkit-cheatsheet
i released that
I'll have a read! Thanks man
Gave +1 Rep to @steep agate (current: #118 - 64)
the image is amazing ahah
nice
halloween theme
sheesh save save
what do you use -p argument for?
that should be sudo sysctl -p
yeah, but what's that for?
the kernel parameters defined in the specified configuration file will be applied immediately without requiring a reboot
@civic vortex did you just put Moetez name right?
if anyone will command sudo sysctl -w kernel.modules_disabled=1
w/o sudo sysctl -p
can still load rootkit
if im not mistaken
nah, that immediately writes 1 to the config file in /proc
i tried it before, and it does block rootkit loading
i had this 4 lol
sudo sysctl -w kernel.modules_disabled=1
sudo sysctl -w kernel.randomize_va_space=2
sudo sysctl -w kernel.ftrace_enabled=0
sudo sysctl -p
i just added ftrace when i read mtz article lol
others should execute these as fast as they can if they don't want their opponents to load rootkits
as far as i played koth i can say in current koth players there is no one using autopwns
at first i accused ch1 before but i found out that mah g is just preparing everything but yeah he uses rootkit lol
but not autopwn
anyone wanna private koth without rootkit? the only defense rule is: only patch the flaws to get in
like "chill"
but you (?)
i will show you when im in the root that i executed these
1
or if youre the first
just do it
nice g sir see ya later im gonna finish redteaming path before subs end in 31 lol
i slipped 2 times in the root part so i thought you were there already
no
i am struggling on the web servers, i found useless stuff
its my 3rd koth, i dont know the box yet
you got root in 5 min
you guys dont even enumerate, you already know creds
Enumeration age is already over
Somehow it took me 1 week to figure out the h1hard machine
And i practice it lol
If thm will rebirth the koth then enumeration is the key again
from my experience i know it's possible to automate the process of creating VMs with different creds and (vulnerable) services... i know it's possible but i have no clue how hard it is to implement that into koth
for now, if i want to try hard, i just have to copy paste all the writeups for the known rooms, and just speed run a rootkit into it
right ?
a few have random passwords/ports
yes right
My first week in thm koth i was like enumerating and doing some hakkaman stuff on my keyboard, then i just figured out how to play it. That was also what the others and the retired players were doing.
wp, i'll stick to solo learning for now, im too slow for those shenanigans
Maybe one day i'll tryhard koth
If you read the past messages here you see a lot of brucelee memes
@rare pelican
But still the essence of the game is to make you learn this advanced stuff, also on the forensic side
My defense a while ago was just easy to @civic vortex
He always kicks my ass, also @obsidian lark
They had good forensic skills
101% right
It's cool to play against people who use rootkits, you learn a lot
Lucky for those who have already had the chance to play against those who use rootkits, and use this to their advantage to learn more about malware, forensics, etc.
Yeah that is why you will be pushed to learn more if you play koth with the experienced
Need to solidify the forensics and defensive in the king
If you play koth with the experienced players and you do enumeration etc nah you'll lose because they will jump straight in the king.
Now in the king is the real battle.
Like i said it took me week to realize 4 5 6 lol
I did like this in my first days in koth because i felt like im super hakkaman, but i always lost, why, i got many flags. later did i know that the video is 1yr old and the new meta of playing is not that anymore
you were the guy who kicked my ass damn
you mean by this? lol
sorry i'm just practicing to use it, it's for @civic vortex but he is so stealthy he is hard to find inside the machine
I protect my tty too, so it won't work
ik ik you will miss someday
u think that
this is for you
@uneven sedge ^^^ ASCII art for your next room.
koth having bug since yesterday
after the countdown of 1 minute before it starts
for 1 minute need to refresh 10x
this is very old bug
Like I said, this has been happening for a long time
didn't start yesterday
ahh when would it be fixed lol
other players have already sent some reports about bugs in koth, and usually nothing happens
I hope so too, even if I haven't played koth since a while ago
the late comers will be able to join lol
because of that
you can leave also but you can still go back to the lobby like 1min
some bugs happened, this is one of them
Hmmmm
```
,____
|---.\
___ | ` __.....__
/ .-\ ./= .' ':,
| |"|_/\/| / __ _ __ \\
; |-;| /_| | |_)) || |_))||
/ \_| |/ \ | | | \\ || | || w00t w00t!@!@!@!
/ \/\( | | || _,
| / |` ) | | Sysadmin ||.-(_{}
/ \ _/ | | DEAD |/ `
/--._/ \ | \\| {}_)-,||
`/|) | / \\;/,,;;;;;;;,\\|//,
/ | | .;;;;;;;;;;;;;;;;,
.' | | \,;;;;;;;;;;;;;;;;,//
/ \ | \\;;;;;;;;;;;;;;;;,//
(_.-.__.__./ / ,\';;;;;;;;;;;;;;;;'
```
Nooo, the ascii was buggy here
i need that ascii
oh I didn't mean that literally
it was another CTF

can anyone hop on koth?
had a round with 4 people last night and someone disabled ssh
still won cause that locked everyone out of the box and no one else voted for a reset
@civic vortex we are in the wrong channel lmfao
upon my forensic investigation i found myself dumb

it must be some super userland been used there? hmmm

i hope it was the two of your processes i kicked a while ago with this or nah
nah
lmfao
https://tryhackme.com/r/p/HckN1L this mf removes all the binaries from the machine
he is mf
kid
give them win so they will not do that lol
they are kids bro
funny to see that nothing changed
yea lol
@rare pelican come 2 games
This is his ip 10.17.31.123, just use a while loop to kick him out the machine
He should put what he is capable of in koth in his profile too lol
hes living in a sweet dream
He suddenly dmed me this
I waited for him in spacejam 2 mins
The next game i didn't give him the chance lol
More than a year playing koth and was beamed many times by a 1 month old player
@rare pelican is a 15 yr old boy. He just said to a 15 yr old that he is playing koth for fun idk which of them are more mature in thinking lol
He is just afraid or dont want to lose the game. I lost so many times i just accepted it and didnt do any stupid things inside the machine.
Every time i lose, I make sure i take notes of how to fix the issue next time
that's what learning is
Give me a chance to use my ascii to you
then you gotta be fast
ik i have too his ip
so did mtz tell her to remove all the binaries XD'
i also won from him in next match
revenge is revenge
@rare pelican
hehe
Imagine when someone loses and votes to reset the machine lol
That's why koth isn't fun anymore.
bro lol
Thm should limit the 1 reset per player only
yea
someone reset the machine here in the end time https://tryhackme.com/games/koth/111725
lol
if you play with him then he jumps into the game with 2 accounts, then he will spam reset like he did to me yesterday
i played with them many times
they just reset
No if you dethroned him in the king that is when he play stupid
oh i see
lol but why do we care
game is game
fun is fun
Fr
Game is game and many cried lol
bcz they don't even bother to try
what about me ?
ou someone rn in game?
come
Guys just a question for koth, how can I become king because I had most points And some other guy was king with less point
becoming king is not connected to points in that way.
You write your name in king.txt, and you gain 10 points by the minute. The longer the name is in the file, the more points you get.
but if someone submitted a lot of flags it is possible they might have more points than you do at one point, even if you are king.
Mr.Holmes, you have to get access to put your name in king.txt, correct?
yes, because you need to have root permissions to write to the /root/king.txt file
Thanks Mr.Holmes
Thinktwice how did you get the flags?
Enumerate it inside the machine
flag.txt root.txt user.txt just find it
You need to have root access so you can find flags in other directories. Also there is 1 command to execute to have the flags, just search for what command that is. On some machines you can find flags on the website itself, in mysql etc.
In Windows it's just 1 command and you can have all the flags already.
@obsidian lark https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks
@marsh cobalt
Thinktwice, thanks for the info.
That all happens after you get initial access, initial access is my issue.
In that case you'd want to practice more on Easy/Medium boxes on platform.
Challenge rooms*
Mr. Holmes, thank you for the advice.
Hi !
Probably consider how we word things, ey? @civic vortex
That message is not at all appropriate.
Please report all KoTH rule breakers to support@tryhackme.com and refrain from calling users names. This is your only warning, you may be removed if this happens again.
https://koth.guru/ Just in case someone doesn't know!
?
Srry if may sound rude but...
I guess thm should also practice answering some emails
I just skipped the most important part of red teaming, the AD section, because of the broken network
The reset has been spammed by another room that is on the same network as the AD section
That is why players prefer to rant here in dc more than in emails, cuz the staff are active here
If i report this guy on email will thm do an action to this?
Luckily just had 5 players he cannot do shit on resets
I gave them time to do the king so they will not complain.
Bruhh whats the entry point for Hogwarts challenge its impossible not getting anywhere near
Try scanning for -p-
In case you're aware of the Hogwarts castle stairs in Harry Potter: not needed for this, just side info.
The ports and services juggle. You might want to do thorough scans before you start testing.
I recommend rustscan to get ports and then do a -sCV to check what's running where.
is hogwarts designed that you cant wget and curl?
He maybe referring to this match
I didn't change creds i just let them in cuz im testing some alternative defense in hogwarts
There are some restrictions in the box.
im here :p
Thinktwice did you use mount in space jam?
Nope
How did you do it? Can you teach me?
Are you surprised that i bypassed you
My time was short cuz im reading web funda path a while ago lol
its fun to play with @fossil helm and @leaden basin, sometimes they let me take the king but later they stole it easily lol
steal it from me*
Yeaaa
Yeah I didn't even know what to do
We're the same im new also.
@fossil helm what did you do to the filesystem lol
Where?
in the root folder I couldn't do anything. It said it was a readonly filesystem.
umount -l /root
umount -l /root/king.txt
said /root wasn't mounted
I think he was using a script or something but it appears again when I use "mount"
check the mount
mount |grep proc
probably some script using while to mount (btw, this can end up breaking the machine on some occasions)
Also you're MatheuZSecurity right? found your github through all this madness lol. great resource
Thanks
Gave +1 Rep to @spice mason (current: #2357 - 1)
It is just a 3 line command
I just found it in other players while looking at what they do then i just add something
i just like placing some funni sliver implants and hide away after chattr'ing king
maybe some tty trolling sometimes

I did it also to glutto. I dont know what he is using it's some loop that is my first time to see
if you are "hiding" using mount, it is not the best trick to use hehe
not hiding with mount, usually playing around with funni ttps i see in the wild
Do you say rootkit?
nope, rootkits feel like (and probably are) cheating in koth
because these are the two best known ways
you can try to do something like enter in ssh without tty, but even then you are easily discovered
and to be fair most of what i see on the linux side at work is just RW deployment and exfil
but have seen some silly persistence
Just disable them right away
But you cant do that to ch1 lol
It's like he is advanced in 1 min lol
Nah, these techniques are silly
It's a shame that practically the best players I've ever played against stopped playing, btw, it gets tiring at some point hehe
You could say that maintaining persistence with a kernel thread in koth is really OP, with the process in state D
as a blue teamer I do want to do koth more just always forget
and then
hide this process
Furthermore, I have never seen anyone on Koth who could hide 100%, even from the userland, even in the "real world".
hiding processes is fun, though i prefer beaconing services and have an idea for some .so hijacking shenanigans
It's a shame they can both be found/detected, bypassed and removed very easily
true, still fun though
they aren't forbidden so it's not cheating FYI
now im playing with someone on the production machine. every time i'm the king he resets the machine
is that legal? the game has 2 players only and he did reset more than 2 times
Name of the player
rootkit!!!!!!!
who is that
lmao this is funny
Artisan73
That's the problem in 1 on 1 with randoms
yes brother
try to find the new ssh port. Changing ports is allowed by the way
That's good brother you found new port
how about to bring my alt next time if 1v1
careful you might get banned by mods
youre not allowed to say that they are dirt* players or mention their name
Please don't spread false rumours about the moderation team, after all, you're still here.
sir yes sir
Bring it if the player is suspicious or does have a history of abusing the reset button.
Damn i'm about to play but i saw the history and Mah G is there
Wait imma let him sleep so we can play lmfao
I got 10+ people dmed me on how to defend the king what did I do
Im so kind so i answered them all with @steep agate github on how to play koth as a start the rest is their own research
