#koth

@somber dust what's the hostname of your current game box? I'm curious

How do I go about finding it? :p

It just says thm-prod

Seems like a generic hostname

AH

You got mine then

What's it like?

Ah nice! You made the box?

Really enjoyed it

GG @weary kindle

GG

also, is killing someone's process considered attacking others?

No

i did not do that, cuz was unsure

is it ok to kill other players shells?

alright

just not attack their actual machines

@ember agate yes

Any lobbies going?

So long as you don't aim for their computer

I'd like to join one, even if I expect to lose horribly :p

Eh, I'll 1v1 pars later to test it out

ok, thanks everyone for a game, i will take a break and try to build some notes

Are we allowed to create crons that inserts the name into king.txt every minute?

i think all is allowed except specified

Yes, although watch out for giving people ideas 😛

like fw rules and killing services

I'm gonna go create a cron

and i would keep all of these secret haha

https://tryhackme.com/games/koth/join/c12618329b80cc62ad944d2d

I wanna get Prod

How do we leave KOTH lobbies?

Cron's done

@brazen cloud You dont

I joined mine by accident as well

Joined dan's by accident thought it was a spectator link

same

Well

Now you're getting thrashed 😆

the link should probably have a confirm thing

I can't set aside 45 mins

yikes

You throw it in ideas @rigid raptor -- I'll copy it to submissions

@weary kindle nice box

I'll copy you to submissions, muriburi

Have fun practicing @weary kindle

sorry lad my bad

so it's just gonna be me and dan? lmao, by the time I get in, Dan'll be ready to kick me out

I suppose

Especially if he gets his own box...

@dapper escarp you up for it?

I've taken a seat that I didn't want / cant

:/

Just 10 more minutes, go get user

Run gobuster, nmap and anything you can think of

i did it

That's a spoiler

oh sry

It's fine

Wanna really troll people: Set the start time of the room for as long as possible, then watch people drop into public games they have to wait hours for without the ability to leave them.

lul

you sir are evil

is it okay to change passwords and ssh keys?

Yep

https://tryhackme.com/games/koth/join/c12618329b80cc62ad944d2d

30 secs

Ffs who set it to 1hr

3 more spots avail

it's just gonna be you and me, dan. I fear for my life.

I'm in

ooh nice

I warn you, I'm not gonna be actively getting root, just need ever-changin rooms to test and develop my new tool against

lmao, dan is king already

how tf

xD

I remember this box

oof

im out of my depth here xD

I won!

gg @gusty cradle

Thanks!

i was well out of my depth

nice malware

gg @gusty cradle

Thanks!

:)

Need to pull myself out of bed and jump on this

Same ^^

Well, I need to pull myself out of bed and document some code, but wth 🤷‍♂️

I just realized that I had found 2 flags already :/

I've suddenly realized a flaw with people just automating root after hitting boxes enough

I didn't know they had a different encoding

Perhaps implementing a way to randomize access points would be a good idea

ssh-keys / password / parameter changes on deployment

^^

Stick that over in ideas. I'll put it into submissions

| /index.php source code:
|_SherlockSec
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
|_http-passwd: ERROR: Script execution failed (use -d to debug)
| http-phpmyadmin-dir-traversal: 
|   VULNERABLE:
|   phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
|     State: UNKNOWN (unable to test)
|     IDs:  CVE:CVE-2005-3299
|       PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|       
|     Disclosure date: 2005-10-nil
|     Extra information:
|       ../../../../../etc/passwd :
|   SherlockSec

Something tells me ShelockSec is in there 😂

XD

he coming

I quit after he got king in 1min

😂😂😂

Port 3000 is juicy

And now it's gone

I created another KoTH room starting in 30 mins if anyone wanna join - https://tryhackme.com/games/koth/join/a4bfa2f174a6e2013c02df5d

Damn

@lusty portal can we have shorter waiting times for KOTH? Like a 5 minute wait option or something

15 mins is too long imo

Yeet, let me add that in

Im changing how public games are joined, as there are so many lobbies with just 1 user in it.

can u make an option so we can leave a scheduled game aswell lol

Yes

probabbly can add something like ready button where everyone can vote to start

thanks

cause i keep joining games with sherlock and he gets king in like 5 mins xD he 2 gud 4 me

im a big scrub me

hes taken notes on all box entry points

https://tryhackme.com/games/koth/join/aa3a49564af2bd4d265c0526

one more spot

seems like you can go to his stream and just check what he is doing

and do the same :b

but then thats just cheatin

but the rate hes gettin these flags hes definitley done this before

this box

haha

this one has 2 empty spots: https://tryhackme.com/games/koth/join/a4bfa2f174a6e2013c02df5d

this is why a leave function would be nice

i played that box with him before

"localhost:1337" dammit skidy

first time he was like 10 times slower 😄

I maybe looking at other data whilst people are playing

Im adding a leave button now

thanks

i'm a noob, so plz take it easy on me ;-;

Opinions on only allow 1 users to enter 1 lobby at a time?

Pls no

I've seen so many lobbies with 1 user in

someone just have to get in to root and take his king off

Some of these boxes are done with so quickly

then you have dan autoscripting koths

he is not hardening machine so there is still the same way in anyway

guessin u have done this box before haha?

i'm just throwing it in haha

I haven't

didn't even look at the streams, so i'm a newb to the whole concept

I did this one about 30 mins ago

and seems like i can take ip from his stream

i like it hard on me

Still fresh

and seems like i can take ip from his stream
@ember agate Its on the same network

So yeah you could

Damn son

Almost king

my kali box died

@quiet schooner is Food yours?

@weary kindle ...why do you ask?

Tis' a good room

/ box

❤️

Im changing how public rooms are made to make it easier for groups of people to join. New code push coming in 1 hour

@weary kindle, did you delete charattr binary in 10.10.69.129?

No?

@weary kindle I hope the evil bits weren't too evil

damn lol

4 flags in 10 minutes

it randomly works not

?

24 is my box

so

balanced

😐

ohh wow

@weary kindle I'm interested how much of the box you've discovered

6/8 flags so far

I'm interested more about which paths you took

@weary kindle did you leave something open?

Which box

24

Everything is still open

what user did you use to log with SSH ;/

ashu

i done htat box

got so close to getting king

then timer ran out

big oof

i think in need to get some understanding of key formats loool

what players can do if someone just puts shile loop with a line that changes king.txt?

kill the process

@lusty portal trying to join a public game results in a 404

we can't because while will put it up again

you kill the process it terminates

i know what killall is

man kill

@ember agate not if you stop the program. Killing it does the same kinda thing as Ctrl + C

i can't even kill parent bash

But from another TTY

there is no tty

koth isn't a game mode we help with

the idea is independent research

You can stop dan from winning, but you need to google harder

stahp killing my sessions

and if parent for that while is games binary?

https://hackers.attacked.me/QB0nlSVmL3fI.png

object Object

O_o

How Sherlock? What steps?

I just went to games/koth

@ember agate You need to do your own research

object Object is my favorite band

sorry for questioning here

Hehe, remember that Koth is direct competition. We like helping with questions that can't be googled when it's a learning environment. Koth? Koth is war 😆

how to damn use vim

any games goin'?

how many flags are there?

4?

Hover over the flag icon

It'll tell you

oh, yeah. right

thanks for the room though

really good learning curve

tyty

Did you run chattr?

damn u

😂

and the koth script

killed my terminals

smh

Insufficient players

we can try

Daymn

which game are you in?

i don't want to open any game link because of that auto join 😄

if i will open wrong one i will have to play multiple ones at the same time

https://tryhackme.com/games/koth/join/58e5fff4bdb588f0fbe9eba8 - Join Link
https://tryhackme.com/games/koth/34 - Spectate Link

https://tryhackme.com/games/koth/join/d1a33b262c892550506b1c9e

https://tryhackme.com/games/koth/join/d1a33b262c892550506b1c9e

https://tryhackme.com/games/koth/join/d1a33b262c892550506b1c9e

Public join @dapper escarp ?

yeah

should join you in

@dapper escarp you hopping in vc?

ready to get stomped by Dan as I imagine he's done the entire pool

I have

just waiting for stream to start

looks like Im gonna lose

same tbh

Dan has home field advantage

Are there going to be koth games all day?

yes

Awesome.

@flint oriole You can also start your own

I might have missed it but what's the user limit, if any?

6 per session @flint oriole

oh

@weary kindle Dominating the recent game board, however looks like game 21 SuitGuy will win

@lusty portal does the king service require sudo?

as I think I somehow broke it

Ooo

by deleting sudoers

Which box?

oof

shrek

I will investigate, just pushing some new KOTH changes

My version of the king service shouldn't require sudo as it runs as a service

But that's a Zayotic one

@dapper escarp

You need your name as a capital

Otherwise it wont find you

damn it

the bloody cap

when can I has lower case

sorry just saw that in my logs

And thought

Wait a sec

lmao

I didn't even realise

username change coming soon:)

pls papi I beg

I beg

skidy please

just make him happy

robo3t that db and change it for him

Its done, just needs user input and limiting to changing once a month (and testing)

You know you've hardened the box enough when you hear "Why is there a parrot"

I was pinged?

My apologies

It was me

I didn't see you were streaming

oh you're good

I'm just chillin

Can I DM you, quick question.

Don't want to spoil it

about KOTH?

Yes

Maybe, it might be better to DM the individual box creators though lol

Who made Shrek?

Zay

Thank you

I'll speak with him later.

sounds good!

.

@lusty portal is that you?

Sorry, I moved over to a dev environment now. Removed myself:)

https://tryhackme.com/games/koth/join/ff50ccc2a8f222a260aa6c67

ooh, no

i joined randomly again

but seems like i was able to leave

@meager cloak Not sure if you're aware, but you're making a private lobby, if you join a public lobby, others will join organically 🙂

And you can invite friends

Hey Skidy, there should be an option that allows to ban players from joining so I can ban 'sherlock' 🙂

I only have Create private game and Join public game

can we make that site-wide thanks

https://tryhackme.com/games/koth/join/0176e044c74896168836eca3

https://tryhackme.com/games/koth/join/0176e044c74896168836eca3

https://tryhackme.com/games/koth/join/0176e044c74896168836eca3

@mellow bough can you give us like 3 koth voice channels

are you playing 3 boxes at the same time LOL

no

just spammed in vite

He's a god he can do it.

I was earlier tho

@lusty portal change the reset votes needed from 4 to 66%?

@lusty portal change the reset votes needed from 4 to 66%?
@weary kindle Ah yes, forgot about this. Will work on that early next week

yeah 4 people to reset in a 4 person lobby 😂

Also how does that work with 1v1s?

^ Ah good shout

I didn't think of that

I might make the min of resets needed 2

that's abusable

min number of resets needed 2 for 1v1;s

66% doesn't trigger in a 1v1 smh

e.g.
2 person lobby = 2 resets
3 person lobby = 2 resets
4 person lobby = 3 resets
5 person lobby = 3 resets
6 person lobby = 4 resets

I added two more voips

Skidy is this game mode sub only?

yes

Seeing people without sub in a lobby

66% fixes this issue

Interesting

Might be a sub but because they haven't done any rooms it doesn't show the banner

Skidy is this game mode sub only?
@dapper escarp KoTH is sub-only yeah

Might be a sub but because they haven't done any rooms it doesn't show the banner
Huh?

Seeing people without sub in a lobby
@dapper escarp Wait

Wot

!rank myalt

https://tryhackme.com/games/koth/46

you know what I forgot to do

lmao

Add the if statement to stop non-subscribers

Well played Skidy

f2p trial

Add the if statement to stop non-subscribers
@lusty portal nevermind, its there

But I see my issue

there are 2 ways to join

through invite link, and through the button

Can't connect

Well played Skidy
@dapper escarp Fixed, thank you for reporting that.

Opinions on showing the VM title along with the IP when games are played?

Hi does the king of the hill is for everyone or subscribed users inly

subscribed

only

Even the private rooms

i dont know but i think even private rooms

Yes -- all Koth is subscriber only

Oh okay

do Koth game give xp?

Ooh, good question

@lusty portal -- points for Koth?

Points for KOTH, but doesnt go towards your THM score:)

Is that profile points, or just game poitns?

Ah, thanks 😄

So no, Koth games do not give points to your profile @narrow parrot

okay thx ❤️

Opinions on showing the VM title along with the IP when games are played?
@lusty portal I'd vote no because in the long run, people cough can just associate vm titles and adjust accordingly before enumerating from the get-go

Imho I think it's best that as little information about the box is given in that regard

@lusty portal yesss show VM titles

Would be good

@brazen cloud or script the exploitation based on VM type

However, you can fingerprint which box it is with nmap

Either way in the first 2 mins of doing a box u cna tell if its one u have done already

if ports=this/that/theOther then box = shrek etc

So might aswell

Add the title

that's what how I meant

Yeah I mean it's trivial in that regard I suppose

what's the first two minutes in a 45 minute game I suppose

There's 65535 ports that you can use

If you have 3 open ports, that's an insane number of possible open ports

65535 ports on the box 65535 ports

You take one down

Scan it around

Fingerprint easy

65534 ports on the box

paradox is now nmap

"is" implies that he "wasn't"

Yws

Yes

Oof

Just had a horrible Koth box idea..

All 65535 ports open? @terse willow

Maybe...

It's already a thing

Damn

A really evil idea is just to have everything done through udp

Meh, I'll keep it for a normal box then

Ooh, that could be fun too

No one gives a duck about udp

https://tryhackme.com/games/koth/join/06140534985498ef7751012c

is there only one user flag

between more than one /home user?

Why don't you find out?

reading the flag on spacejam /home user1 and user2

are the same

user.txt

@quiet schooner

Ok?

I already did

was just wondering if it was a mistake or not

?

@quiet schooner

I didn't create it

both user's have the same string

got it

1 min for https://tryhackme.com/games/koth/join/06140534985498ef7751012c

1 spot left

So the question is, who is meshal

Mr steal yo woman

https://tryhackme.com/games/koth/join/72db9c6f02ca71483008a8d9

Woooo optional you are keeping the castle locked tight

hahah

Woooo optional you are keeping the castle locked tight
@vagrant monolith I saw you trying to drop your name using cmd=

You closed 3000?

❤️

There are other ways in

@vagrant monolith There are other ways in, I just patched that one service

I'm coming 😉

gl

optional man holly ... I can't get in. Nice job

I'll apologise now aha

even if you did you'd have to change king which isn't easy :p

Yea great job

Seeing you've hide so many shells across the box now

haha

Learned a lot

This game mode is addicting af

true

persistence is key 😄

did any of you experience a shell die?

Yea I got in for some time but after a while I think you kicked me and yea I only got 2 flags. I am not that experienced but

I had that once at least

But I must've kicked you also once?

I did kick myself once as well, that was fun

Nice

Yeah I think my shell died and one of you kept removing my www webshell to get back in

lets go boyss

3 min tell my first koth

@fair adder español?

Just played KOTH, It was awesome 🔥

Who did you okay with?

Can't see a button to exit from a koth, bytw won my first koth. It was awesome

Just had my first KOTH game as well, gotta say, its awesome, one of the most fun CTF types i have tried
Keep up the good work!

Who did you okay with?
@lusty portal with fellas I met through the "looking-for-group" channel 🙂

Awesome:)

NANI?

REEEEE

is that James' doing?

Nope @vernal gust

But you played yourself @steep raptor

yup

Lmao

That wall broadcast tho

so fun fact, theres an option to execute commands on ssh login

I highly suggest knocking .bashrc out

did you remove someones path @full grove

hm?

lmao thats not my doing

@steep raptor no spoil

oh sorry

wanted to know if it was him

Intentionally a pain in the ass

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin should fix you issues

james you beautiful boy

just did export PATH=$PATH:/usr/bin

close enough

wp wp

Ayyy

well done on the box James

REEEEE your wall rick rool

ssh user@box -t "rm ~/.bashrc"

ez bypass

pepe energy to the maX

question the game has ended but the box is still active

@lusty portal one of the games isn't showing in most recent

yeah, thats how it is for a bit

@lusty portal one of the games isn't showing in most recent
@dapper escarp It only based on certain conditions, .e.g. if just 1 person gets points, it wont

or is most recent randomly selected?

oh ok that makes sense

in other words, I need to let someone take king.txt xfor a second

@full grove Did you enjoy the box?

good box

Any feedback, DM is open

i really need to start tearing the boxes apart after easy initial entry

kinda like shrek

I Love shrek

James' your box is really nice tbh

i found how i could potentially gain entry as a different user with the ability to read files

even if I only found one foothold

Shrek is a ballache

in other words, I need to let someone take king.txt xfor a second
@dapper escarp ahaha inb4 you change king.txt to someone elses username

Oh damn

that's a shout

i gotta work on Windows KOTH tho

Again, any feedback please DM

that might be up next

@full grove real talk need to work on my windows skills

i think i can bang it out in a few hours

im just tryna think if i wanna take the Mr Robot approach to it

no life, tonnes of drugs?

^

Great suggestion

10/10 would recommend

Stay safe, kids

so coffee

coffcoaine

What do we think about the public games? I think some people are entering games and not playing (because it starts in 20 minutes). Was thinking of perhaps a ready up type system or something?

That would be pretty sick

I've done a couple of public games and they have had two idle

I was thinking:

If 3 or more people are in a game (no time limit), they can ready up. If they fail to ready up, they get removed.

Something along those lines

https://tryhackme.com/games/koth/join/d8462c8299e23d58c6f1cc1c

@lusty portal That's some CSGO thinking

Ready-up feature would be good

Yeah, I think i tmight be the way to go

Just need to test which is the best way

@terse willow Loving the avatar when ur king: https://tryhackme.com/games/koth/69

Damn game 69 has passed

@fair adder @terse willow what box did you get?

Damn game 69 has passed
@quiet schooner Game 1337 is going to be big 🙂

I give it 2 weeks

If people keep just creating private games and sit in it by themselves yeah syre

I plan on fixing that

our record is 1-1 @terse willow

we settle this at high noon tommorow

Yours @quiet schooner

And it is great

We already have 30 people for the competition for KoTH

I've just thrashed pars with it 😆

i was playing koth earlier but now its saying i have to be a subscriber im sslty

pshhh

if I recall

I thrased you game 1

You did...

Does this mean we're not allowed 1v1 @lusty portal?

Because honestly it's great fun

if you dont allow 1v1's we riot

No I mean, people are sitting by themselves

Like just 1 user

oh

Uh...

With no-one

yeah thats a no

That doesn't seem fair

I made it so games dont start with 1 user in them

Sounds good

so high noon tommorow @terse willow

?

Depends whether I get the rest of this code documented before 5AM 😆

But quite possibly

Who's noon?

oh that was more of a showman thing

Haha

high noon showdown

you know

This brick wall is still killing me by the way

I dislike it

we can do it whenever tommorow

I very dislike it

yeah im notgonna use that in future games

it ruins the fun

Literally sitting here killing off processes looking for it 😆

its not running anymore ORacle

😁

the process is already dead

Oh, I promise you

The process is alive and well...

then just

reboot the box

Nah

I've got a workaround

Sitting with a fully fledged root shell

@terse willow @fair adder plz dm feedback

On the bix

Box

I have an idea for a theme for the next one

shrektangular?

shreked republic?

Shrek box was fun

i didn't do it yet :c

Yes box feedback

Although I didn't like the path I took

Whatever box this was, was also fine

@fair adder was it food themed?

It was bot

Not

Actually

Yes it was

whoops

sorry

wp wp @meager cloak

ok how does the king.txt work for points?

Every minute, the content is checked

The king gets points

GG guy's

GG

gg

gg

It was a battle of the while loops

and I lost

This is what it's all about

Gg

only if i was any better. GG @meager cloak

Is there a wait before you can play another koth or can you just keep going game to game ?

No wait, other than for the game to start.

Anyone want to 1v1 on shrek?

If you wanna loose 😛

you wanna say that to my one liner that instantly gives root and hardens?

☹️

you wanna say that to my one liner that instantly gives root and hardens?
@dapper escarp I’ll try to make my own one

gl son

I believe

Thanks dad

https://gyazo.com/e9ce46fd3b2b34b7eecc23d8df609478

I'm sorry

@sharp stirrup rip shrek

So if we play koth and get shrek

your child has been massacred

I guess we just

Lose

@dapper escarp nice man😊

I won't spoil the behind the scenes of that script

@lusty portal dad are you proud of me

dont give him ideas

https://gyazo.com/e9ce46fd3b2b34b7eecc23d8df609478
@dapper escarp Oof

Thats scary

1.5 boxes autopwned so far

just need to get Dans and James

I'm interested once you get it for Food

have shrek running with arg passing now too

pog

Gonna need mutliple games to get low priv on @sharp stirrup's new box

So @sharp stirrupjust wins

can you be apart of more than one KOTH at a single time

Yes

I forgot that the game had started @steep raptor

oh sorry

removed something already

you want some help

@torpid notch ?

yea I did the same box last night and I still cant get any of the flags

Sherlock plays 7 KOTHs at a time

How difficult are Koths? If you would rate them? easy?medium?hard?

They're easy boxes

They have to be since you have to get root, get points as king, and defend the boxes in 45 minutes

@fair adder Okay thanks for the fast reply ❤️

<3

already ready for new machines

have only done food,spacejack,and shrek

never gotten tryler or production yet

@steep raptor Did you get user on food?

i think sow

https://tryhackme.com/games/koth/join/a2edfb10b320ed5a5f4bbfd4
4 minutes till start

BANNED USERS----
Sherlock
optional
&
any other user who knows every exploit and can get king in 2 minutes without running a signal scan

why they oh

whoops missed ya

can't believe they already scripted the answers

that was fast

@rugged pumice Haven't seen this box before

same ;/

ncie new box woot

oh the same thing

again

I'm in a rabbit hole

REEEEEE

w0w

owo

staring at a screen for 50 minutes,
clueless ;/

if you wanna run another one when that one is done im more than down

@weary kindle you were explicitly told not to

so.

Can you not?

James

Mate

are you taking the piss?

I'm playing monopoly

pull that rod out of your ass

real quick

I joined as a meme

can confirm

wow, good job James ;d

Please be polite my guys ❤️

last 1 was just yikes,
new one in 5 minutes
https://tryhackme.com/games/koth/join/140a4ffc63ce7fe4712f275a

@weary kindle got you too budd :)
https://tryhackme.com/games/koth/83

I didn't mean to click that one smh

monopoly

https://tryhackme.com/games/koth/82

i hope it's not the same box

@rugged pumice Since I'm the creator of this one, I'm patching only

you created this 1 😮

does the ''Ping'' button do anything?

Can't really give hints in Koth 😄

Gotta figure that one out

I'll dump my auto scripts the last week of rotation

Oof

@rugged pumice I'm patching the box

gg

GG

gg @fair adder

gg wp

any one from india

i cant buy subscription ...

card denied msg pop up after submitting setalis

pls help

@cinder blade might be worth emailing support@tryhackme.com with your problem

also make sure that your card supports international purchases

morning

anyone will be playing today?

everyone :)

I'm likely to play a little later

might nap soon

in what time zones do you live?

mostly UK

think the majority are either uk (BST) or America (mixed)

in KOTH i must waiting someone join ?

in public games, yes

if you create a private one, you have to share the link to it

i see , then if counter down competition not start while some one join right ?

there must be >1 person to start

so 1 v 1 are possible

i see and when 1v1 start no any new user can join ?

if the game is private and you send a link to someone

i mean in public

then obviously only this person will have access to join

public games can be joined by anyone in a certain time frame (preparation time)

https://tryhackme.com/games/koth/join/998727b78508a498132d02e7

wow, fifth flag

love this game mode

lol - 7th, flags everywhere

love this game mode
@vagrant monolith amazing:)

To make public games better, what do we think about having public game start times longer, unless 2 or more people ready up?

maybe you could make a ready button for admins so they can start a games without a timer

To make public games better, what do we think about having public game start times longer, unless 2 or more people ready up?
@lusty portal and when all ready reveal the ip

Yea

Can we modify iptable rules?

no I think

I guess, as along as the services are not effected and its not a stupid rule such as blocking every connection apart from your active one.

https://tryhackme.com/games/koth/join/58802d1cff76f7b24ae3fda2
starts in 5 minutes

BANNED USERS------
Sherlock Holmes
optional
and any other user with a 1 liner, aka King in 1 minute

I feel attacked

I don't even have autopwn

Haven't had the chance to make my scripts yet

but you can get King without scanning 😉

not true

How about instead of making a ban list. You make better scripts

As not gunna lie it’s obnoxious seeing a big banned users thing

what's the fun in autopwn

@dapper escarp In fairness, that script of yours for Shrek is lethal. Only way you're beating that is by making a more efficient one and I shouldn't think that's really the point of Koth 😆
Although the ban list doesn't really sit right, I agree

I made the script as a challenge to myself

I don’t use it

Anyone up for a game?

Well that's fine then isn't it? No point in banning at all then, is there

Ah fyi I used to make htb autopwns but stopped. So the fact I have the chance to make some now makes me happy

🙂

The only box id even consider running a pwn script on is Tyler as I have no clue how to get to root so would need to extra time

@dapper escarp It's something I want to try, frankly. Gotta love some scripting. A one liner to automatically root a box just makes me so happy 😆

Although I would agree that doing it for anything other than the challenge is a low blow

Unless it's a 1v1 against @neon sleet -- then it's fair game 😛

The script doesn’t harden

It just gives a persistent path to root, so it’s not as unfair as people think

There will still be other ways up

Gotta work on the harden script now

Fair. That's another thing I really gotta learn

Oh, thanks for the reminder

Need to go find the wall binary

I have to play a few more times to get a feel for the multiple entry points.

Wall should be in your default Linux installs

I got rekt yesterday.

@dapper escarp Oh, it is -- /usr/bin. Just needed to find where it is so I can kill it as soon as I get into a box 😁

You can just rename it

and still use it

Why would I want to use it?

I'm after something far more devious 😁

@lusty portal u considered adding a chat box on koth? ik its a stupid idea but still

I was going to, but thought Discord would be best:)

I think I am going to improve public games joining first

ah ok yh

What I miss is a way to see what kind of public game is created, open for me to join. As in the wait time on it. Perhaps a list of open public games? To see who’s in it

I’ll send it through feedback 😁

Thanks, displaying public games onthe dashboard is a good idea for users to see

Sees optional Dodges

legit

if i see u or sherlock am dippin

Just wait until I start playin

I've seen Skidy hopping in which means it's totally fair game for me to start messing things up 😉

but i love the rush of fighting my way back in @mellow bough after getting the boot

hehe

Honestly, these games are a rush and I love them

Even watching them is a blast

ya can't wait for windows machines to kick my butt

@steep raptor think we’ve got a problem on our koth😂

no

there is something

i did to prevent you from writing your name

Ou okay

can you figure it out?

Chattr

NOPe

Failing that just kill all bash sessions, if it’s a script it’ll kill it

how is everyone today?

can you figure it out?
@steep raptor Nope,

well i know what i did but not sure how to enum for it

whooops

Hi everyone 🙂 someone knows when the next KOTH event will be?

We're running a KOTH competition next week

https://discordapp.com/channels/521382216299839518/546650767495397376/696681499852013638\

Great 🙂 is Hammond also on board? was fun watching him last time 😉

i will put money down on 2 people that i think will win

I don't believe it'll be streamed or recorded at all. That was a once off.

probably dan or optional

yep

lol

legit whenever i see them in a game cause they get king in like 5 mins

to be fair, they know all the boxes now

yh

but there's no doubt they know what they're doing

@steep raptor none of us cant get king isn't it?

that's right

how did that other guy figure it out

mmmm

who?

oh figured it out

lol

can't find it with ps

REE

will retired KOTH boxes be setup as hacktivites. Would like to work on the services I don't understand without getting kicked out.

They will be retired in a way that you can still play them, hopefully alone too

hmm, if the boxes are retired, then on the last day, streamers should be allowed to stream the box

For the last week, I think the policy was

wow.

plz stop

Banned

self botting gone wrong lol

what was that?

also, that sounds cool, @quiet schooner

someone repeatedly posting "this [something] was not found" or something like that. I don't think I could paste and hit enter that fast

but why?

people do weird poopy all the time.

anyone wants to join? start in 15 min
https://tryhackme.com/games/koth/join/b312c4324debc59e1e4093f3

@jolly parcel Can you access the box?

*oh nvm it responds now

https://tryhackme.com/games/koth/join/4ff4d3bd0db3b65787467004

um whoops

I swear no autopwn

imagine using katana in KOTH

katana doesn't work in koth 😂

imagine people not joining this public game

Would be sad

FoodCTF has been patched. In summary,

We have over 50 people signed up for the KOTH competition

We might have to do games of 10 users per KOTH game

What's the structure?

I feel like 10 might not go so well

5 games, winner of each goes to the final

James is right

Hmm

25 member games

Maybe bracket tourney?

10 member games

Winner goes to next round, some rounds

Nah the 10 member game idea seems fine

Koth isn't really designed for bracket tourneys

plus with just such a small pool of devices it makes it easy to autopwn

@quiet schooneryou makea me so sad ;-;

@vernal gustexactly

That's why I didn't enter the competition

it's very frustrating

like Dan got root in 5 minutes

10 member games seem not fine

I stand no chance at victory because there are people who have these scripts ready

while i struggled for 10 doing recon

how many days until the competition

1 week

It's on the 13th iirc

So 1 w ek

Week

And in that time the scripts are gonna get better

@lusty portal is there any chance for competitions we can get competition specific boxes

Because certain people have a clear advantage since they've already done the boxes and built autopwn scripts

Push it back a week maybe, use next month's boxes?

But then people will have an advantage for next month

If we have boxes dedicated to competitions

Then there's no external advantage which can be used

Or gained

Well boys? Looks like we're designing a tonne of competition boxes...

Especially since you're offering money

There's gonna be people that make an alt account to do KOTH with

So they can get more time to analyze the boxes

brb buying 5 subs to play KOTH and write autopwn

There's way to many ways to cheat this imo

@quiet schooner you only need 1

We have a KOTH box unreleased (not yet made)

We might just that

8 bucks for 150 seems like a good deal for me

And just stop streaming for it

I think you'd need 2 KOTH boxes?

3

One for the quals, one for the final?

2 or 3

Ah yea

Good idea

Depending on how many rounds you have

Maybe that Windows box will be ready? @full grove 🙂 If not, I will get another one created

quick someone send Spopy some redbull

ill make sure it is

So just to be clear

Windows for the final sounds fun

In the future are we getting competition specific boxes @lusty portal

I was just thinking if we could fastrack a couple of boxes for the competition so we have some mystery boxes in the pool

I think @low whale is creating a spec for a new KOTH box

So we would have 3

That's good

Good, its needed

If you want me to do a koth box I can, im done with this zth room, I just need to send the vms to Ashu since I can't upload them on thm ;-;

;-;

ive got a lot of the construction on my box done

i just need to implement the fun portion

oh yeh looking forward to the windows box 🙂

If you want me to do a koth box I can, im done with this zth room, I just need to send the vms to Ashu since I can't upload them on thm ;-;
@fair adder Thanks, Ill talk with Ashu and see where things are at:)

Might take you up onthat

will be a very good challenge 🙂

i just need to implement the fun portion
@full grove Awesome!:D

You'll have the Google drive links to the vms in an hour @low whale

My internet is a bit slow for uploading

no worries @fair adder 🙂

vms

lul

just send it over when reaadyy

He's done four for one room...

I have 4

LOOL amazing

CC pentesting had like 7

Then there's me, looking at doing two for my SudoVulns room before it got split up, thinking that was way too untidy, and learning docker just to avoid it. Four is just *shiver*

I have no idea how you stand that Pars 😆

It's my room style 😁

RIP Pars' internet...

S*IT GOOGLE DRIVE

Ran out of space?

I have to repulosd one of them

F

Actually making a koth box with the web vulns I've done here would be great

Any noobs like me up for a game of koth

been waiting in public all rest of the day

@void rivet join if you want

@steep raptor I'm a noob lad

I'm new to all this

if you have another player i can see in lobby and watch

Nah just me

well join if you want to

watch it be the machine that I have trouble with

can't play by myself already tired

I'll join in a couple mins

Just doin somethin atm

whenever your ready

you're

im in

jeez

ur gonna fuck me up

cba to wait 10mins ill make a game and inv u

@steep raptor https://tryhackme.com/games/koth/join/441b04065ab003317723e64b

I'm down in a while if you want more competition

yikes

u two are gonna fuk me up

Please keep the language pg13

ninja is going to eat some oreo's

ah sorry

my bad

Just a byte @steep raptor