#koth
in contrast to LIFO, which would be a stack rather than a queue/pipe as FIFO is
so i run that script and use netcat to listen to the port??
@terse willow
Anyway -- the shell is sent via netcat. The stuff that's sent back gets output into the FIFO, thus forming a full circle
i got locked out anyway
Yeah, I knew you were right as soon as you said that James
It did feel a little off
That's a really good trick to remember either way @void rivet
yh thanks for that
Because you can almost guarantee that it will work, as long as netcat is installed
It's easier to do mkfifo <file> rather than mknod <file> p though
you mean they closed the port?
I think that might be against the rules
It is
ooof
That's a DoS of a service
I mean, that's not usually how that term is used, but not wrong for the literal meaning
yh aha i should've just said closed the port
oh, no no, I meant DoS :p
oh haha
that's usually when you flood something, but what James said is not technically wrong
still not how it's usually used
so this guy broke the rules
Possibly
probably
oof
hopefully
so I assume you've got your autopwn setup? @rugged pumice
no, i don't know how to create them
i've never scripted/coded in bash, don't know the syntax
sshpass -p password ssh user@box; ssh-keygen; printf 'oldpass\nnewpass\nnewpass\n' | passwd
ez
there isn't really any syntax
there's plenty of syntax
all the syntax
@meager cloak same box 3 times in a row
ok that is all i can do on that box ;/
Which machine is it
michael jordan
spacejam ;)
Eyy
is that your box, Skidy?
Nope:) Shrek is a box I designed, but it was created by Zayotic
SpaceJam was created by Zayotic too
Right :p
i put your name in the king.txt file
xD
but he is fighting back
i have 1
he is doing something ;Z
got it back ๐
well it's easy if u know how to aha
someone up for a koth?
meanwhile on my side:
sowwy
dude wtf this worked until the koth started
restart it :?
@fair adder Control C, reconnect
had to reboot for it to work
starts in 20
https://tryhackme.com/games/koth/join/87ee6a6aff41898169dc914e
17 minutes, 4 players so far
i feel like i found a way that root shell could be used next time
wow just found out there is 2 PROD rooms, 1 good, 1 broken
Huh?
Lmao
Or maybe that was food?
If Dan didn't do it, it probably wasn't patched
70% of my time i was trying to figure out what room it is... I know all 5 rooms and this didn't look like 1 of them
Food was patched like 24 hours ago @gusty cradle
But only a lil bit
Yeah, not a fan of patching boxes mid rotation 
So I can guarantee that Prod has not changed
i'm talking about production room
there is a normal good version
and there is the "broken" version
no?
@rugged pumice We're currently doing Food
Don't post spoilers too
@quiet schooner You made the 8th flag too hard to find, I found all except that one
@gusty cradle if it's the one I think it is, it's worth a bunch
And I really like where I hid it
Guess, I'll have to try harder
out of curiosity, why was the food room patched :?
@rugged pumice I messed up one of the routes by mixing up 2 commands, and I patched something else too to make it a better box
@quiet schooner Are there other ways to get foothold on Food? Or is there only one?
There's 4
4 😮
Yep
professor can you help me
professor "try harder"
james, I have a question about the patched food room, can I pm you because my question has a potential spoiler ;?
Yes @rugged pumice but I can't promise I will answer
cheers
wait it tells you the name of the machine now?
Yes:)
what's the point of nmap?
what are your thoughts on the change with food?
Ya good:)
@steep raptor do you like the new website?
the form at the bottom isn't working REEEEEE
The flag form?
no @rugged pumice koth box webpage
@steep raptor You enjoying the food patch?
flag submitting box?
@steep raptor The patched route is still easy, just not as easy
James, patching food, does the host monitoring thingy need to work? or can I just kill it
😮 skidy
i closed the only way in I know
I noticed:)
there is more than 1 way in ?
@rugged pumice he removed that because that is what everyone was using
not sure if it's still there
@rugged pumice Breaking the service counts as a DoS to me
@steep raptor There is another website running
what if you made the service filtered?
@lusty portal i know where that is
James, the service is also 'sort of' a ||backdoor/shell/exploitable/thingy||
@rugged pumice I legit cant see how you're connected to the box
Am I overlooking something?
im long gone, you kick me out
lol
Ah, I ran a few commands without even looking who was connected first
So I might have got you on my first hit
truuu
Yeah there is that
call him out for cheating now
😮
I really need a box where I can say I dont have the writeup, because I'd love to play legit
with people
@lusty portal I can give you delusion without a writeup?
it could be
just wait for my project to be done
Just need to rename to Asylum
@lusty portal Remember your reviewers can review in theory
Then no-one will have a writeup 
Ashu is creating a new KoTH machine, so will have someone else review.
And have him not send the writeup in the chat to whoever makes it
skidy there is no way that there is another way of getting into the box apart from ||(1 x 1500) x 2||
@rugged pumice There are many ways to get in, not just port 3000
3 other initial access methods
All KoTH machines have at least 3 initial access vectors
without creds?
You on Shrek now?
By exploiting vulns
oo ok,
its the michael jordan aka 666
there is also a way to patch that without completely killing it,right?
You might need to restart it, but you can patch it I bet
Hi Guys
hell0
@gusty cradle
Reset is not needed
ssh key changed
Fine, I clicked reset,happy?
"I CAN'T WAIT until randomization of ssh keys, passwords, etc comes in place"
@rugged pumice Such enthusiasm!
bro I googled 'enthusiasm', and still don't understand what you are trying to say
i did just that, but still did not understand it
go again?
hi
how is koth, any good for beginners or not recommended?
just to learn something and have some fun
not to win
im too n00b
i don't have to play lol
we can just talk
Alright, which one of you deleted /etc/passwd
ya doing ok
Someone also broke the privesc
what privesc?
join the chat lets talk about it
I think they deleted the vulnerable binary all together
no?
@rugged pumice Were you the one that did it?
no
?
sorry I was a bad admin
anyone playing any games?
tarasz your alt?
❤️
@rugged pumice you wiped the flags out?
/home/donkey/flag.txt empty
oh I see what you did
i f9888ked up at the beginning and now can't log in
A nasty autopwn that smells like man
flags are empty
are you sure?
use less
An alternative for cat works
it shows
@jolly parcel Ignore me
lol ok
You rooted and hardened in under a minute
Even my autopwn didn't work that fast
my autopwn keeps failing every time and i don't have a chance to work on it
i have scripts for persistence
not for root
and then i manually patch all privescs i know
so maybe i missed something there and there is still a way to get root
like someone did on the last game
and removed passwd -_-
@jolly parcel Did you remove /etc/sudoers again?
yep
ya D:
it's very easy to gain some persistence in a few mins, i am working right on a way to get good persistence without modifying or deleting most of the things on the box
Who did the spam?
not me
It's @dapper escarp
get /dev/urandom'ed
I have control of the shrek, he has donkey, you have root
Just be glad he doesn't have the parrot ready 
@dapper escarp You're evil
keep killing my connection
@jolly parcel Close ssh
rm -rf /* -- more easy win
Stop with /dev/urandom
aint me anymore
@gusty cradle have your autopwn script worked?
Didn't get time to check it out, let me see
Nope, it required sudo
Which you deleted
Who shut down ssh?
congrats to someone
spawn a pty session?
btw, are the flags rotated each game?
Soon™️
wait ssh actually went down?
I think that was when the box restarted
how are you doing there?
I need to go to sleep, see you guys tomorrow!
night @gusty cradle
gnight mate
anyone doing lobbies without auto?
we are kind of already in the middle of one
@dapper escarp
what is koth? 
King of the Hill
Not until people /dev/null cat in KOTH
my new favourite thing is creating ssh spam sessions to wall other people's terminals
That was great
praise while :; loops
Man the things you can do with one line of bash is disgusting
why dev null it
@dapper escarp could replace it to echo "Meow"
Agreed, who doesn't love a cheeky bash one liner
I might just spam it with links to my youtube or twitch
That's a decent way to plug
Gotta take all the opportunities to plug
Or rick roll
lol optional always a troll
You know if you don't get troll stuff like that, I'm trying hard to win
as I usually plant stuff like that around to stop people, if it seeks you out then I'm trolling
I think the biggest trolls in KOTH are the 0x1s that just autopwn
too many autopwn ruining the gamemode tho
Just gets boring, oh look you autopwn, looks like I need to use my autopwn and lose any enjoyment
yeah I don't get that takes all the fun out of it
Writing an autopwn is more entertaining than using the autopwn
^^
Hard agree
I did it as a laugh
like on space jam, you can harden the box and gain persistence with one curl command which is hilarious
Shrek is equally as easy to get root callback and then have it execute a bin script on nc
I haven't had food or production more than once since KOTH released
only shrek/spacejam
Think I may start playing KOTH when the new rotation happens
^^
Yeah I don't think I'll be playing much unless it's private lobbies with people who won't autopwn
as it just gets boring else
People have also played the boxes too much so they instantly know what to do regardless of autopwn, starting late in KOTH is pointless
I dunno
A lot of people don't explore past the initial exploit path they find
so the harder ways in are rarely patched
once there are loads of boxes that should change
Once I get the motivation to develop a koth box it should be interesting
more than 2/3 users
pivoting and multiple priv escs etc
users having only one way into them kinda limits it heavily
That could be interesting
oh look shrek needs an id rsa, better regen the keys
rip shrek
Oh puss uses telnet. Better shut that off, F for puss
better echo a passwd for donkey. Box dead
gg no re
Random passwords and flags each game would help, I wonder if you could have a rotation of locations as well, change the paths to flags
I mean in theory it's possible, a nightmare to implement random paths
I just think the complexity of boxes needs to be increased a bit
as they are too easy to autopwn
If all the boxes were like Tyler for example
that would be a good time to be alive
Yeah, people say Tyler is harder than the rest of the current boxes
Tyler is much harder
I've only had it once
maybe twice at most
still haven't rooted it
Any idea if the KOTH boxes will be made into challenge rooms once retired?
Think there is the idea of having a retired pool
idk if they will make them into rooms or just keep it as a pool
would need Ben or Ashu to clarify
Ah okay, either or would be decent
retired pool would be nice as it would give people who wanna stream it a chance to have a koth experience without spoiling active rooms
It would be cool if https://github.com/SecGen/SecGen was a KoTH box
Random everytime
https://github.com/cliffe/SecGen/ new repo
^^
^^
We've set up SecGen for use in our CTFs here - very doable, also very good content wise!
Hey I'm working on that, it just takes time
People I have not seen before are playing
Why not join them
That's a lot of new names
@rigid raptor Join or no 😰
I already did, you bulli
@rigid raptor is playing 😮
This is new
I really hope this box isn't Tyler
That wouldn't be fun for anyone
hahaha
I played once before. Got my butt handed to me.
I'll likely not do very good, but oh well~
it'll be fun
spacejam
i couldn't find any damn way in
That's a nice one to start off with TBH
Oops
hahahaha
Unless someone closed a port to help you get in
I hope it's 😰
All different too
@rigid raptor Held og lykke, ignore my pathetic Danish.
tak tak
F
I think I found something, but I need to research it first
did you just put me as king, @gusty cradle ? lol
cause I didn't
Nah, I just came back I've been gone for last 10 minutes
hahah alright
@rugged pumice They are the one doing it
ah, looks like the winner is giving everyone a few points xD
Yeah
hehehe
cute
Also means that the leaderboard will be made public as there are multiple king changes
666 is doing it
i'm going afk, every 1 minute there is going to be a new king. so everybody is going to rotate. you can see the ps running on the box on the live stream
pfffh
I didn't see the stream
one sec
That is great ๐
I was wondering how everyone had king time without flags.
On Tyler
mmh, I found several approaches, but for all of them i'm lacking pieces
hmm
I bet i'm missing something super obvious
if ma1ware is not in by now, there is something wrong
I think they left cause of the box selection
ohh
Nah, I'm here
oh, right
I just came back
I'll piggyback my way in
I have homework to do 😢
ew~
Online school started again today
I'm going to take a big nap
so you do video chats or just online assignments ?
@rugged pumice Online assignments they upload videos
ohh
I think I know what to exploit, but unfortunately it does not seem to be working right now, so I started doing homework
@rugged pumice gg
gg
You guys up for another?
i gotta go to work in 30 minutes ;/
I thought you had homework :p
I completed it
surely you can pwn us in less, 666 ;D
English homework
well, i'll skip it because I have to eat, watch a couple of videos, etc
it wouldn't be fun for you guys if i go there and patch it in 3 minutes; without autopwn
Keep my name in your mind, I will wreck on KOTH comp day, not the good way, but the "check yoself before you wreck yoself" way
I will WRECK... (Myself) 😫
@steep raptor shoot up link for koth if possible
https://tryhackme.com/games/koth/join/c62ff54e5929a55abb99d514
PUBLIC
15 minutes
summon @dapper escarp and @weary kindle 
good n u?
im doing alright the covid-19 stay at home is kinda getting to me though
staying at home is chill lol
@rugged pumice it was just when things were really starting to come together, then covid-19. Oh well
nothing I can really do other than stay home as much as possible
@rugged pumice how was your last KOTH?
the 30king changes game?
@rugged pumice the one you just posted in the KOTH chat
ohh, it was 1v1, with my alt account
oh
i forgot about it and didn't play it
can't wait for the new KOTH machines to kick my butt
not right now still eating and creating more notes
kk
@rugged pumice think it would be cool if someone was able to pop a shell with VBScripts on windows
yep, I've been looking into windows privescs
what happens if the exploit blue screens the box and there are not enough people to reset it
would that be labeled as a DOS or admin failure to defend
I checked my own windows to see if there was some privesc and I found 1 that allows any user on my pc to create another admin user :E
whoops
it wouldn't be DOS because it is not your fault that the machine crashed/couldn't handle a service properly
i wonder if we will be able to 'Remote Desktop' the windows machine ;o
@rugged pumice what do you use for remote desktop. There is a Linux tool I install on kali to do RDP from kali
as the client
me too, but i forgot what was the name of the tool
remmina @rugged pumice or do you use something else?
yes, i believe so
Yo
intentionally BSOD'ing the box would be more griefing than anything else
also doing that would be incredibly stupid as BSODing the box would prevent a person from becoming king -- they'd basically be relying on flags, which is a really bad strat
Yo I'm in koth rn, need some peeps to join!
Link if you're interested: https://tryhackme.com/games/koth/join/4569c9bedd627553a64490f1
anybody for play ?
We need a confirmation button before joining a koth match
gg
I joined last 15 minutes 😢
that was a fun box. I guess we're not allowed to talk about our solutions tho
i rly enjoyed it
went ahead and joined the next as well
@lusty portal Are you playing?
I am not, have the writeups as someone said, so would be unfair.
I've also tested a lot of the machines
https://tryhackme.com/games/koth/245
Daymn, 7 person game
8 now
sad me that i can't join
Heck yes! #announcements
We're getting production
@latent quest
Change it in your profile settings
^ only if you're actually that level tho:)
I'm going to check real quick...
I've been summoned
RIP Tyler
Thoughts on removing Tyler until we have a better matching system in place?
Hell nah
Plus. I don't know that better matchmaking would fix the issue looking at the ranks of the players.
Lol
why is everyone making new accounts to kick others' ass? just come from your main
^
^
I see you've gotten Food
inb4 people think its a problem with TryHackMe:)
I am thinking, it's a problem with Dan
@lusty portal @dapper escarp before that game, i had the same machine
Is KOTH team based or is it just 6 person free for all
free for all
Is it diversified in skill/challenges? For example, my web is drastically better than binary exploitation
I saw in John Hammonds videos there were multiple ways in
Which is nice
Any hint on FOOD Please 🤦
We can't give hints for active Koth boxes...
Kinda defeats the purpose, don't you think?
is there a possibility to lower the countdown when someone joins a room
im in
is anyone streaming koth?
8 players :O, thats new
@nova tide I don't believe that it's allowed.
^
its allowed
even still, watching 0ptional's previous video; also johnhammond has one on his channel
Yeah. My understanding was the launch one was an exception. I could be wrong on that however.
@rugged pumice Shrek autopwn on
Streaming the active pool is allowed for the first month
As soon as there is a retired pool, streamers have to switch to that
@gusty cradle try it
rooted
@weary kindle Got it thank you!
now what ? @gusty cradle
What do you mean?
still lurking i see, ok
lol, you're deleting flags @gusty cradle
you can't do that
i can't see my uploaded file ?
Some idiot deleted shrek's flag
i uploaded it but can't open it, not found
wow
@rugged pumice Tut, tut piping chattr to /dev/null
Good defending, not even letting me be on the box for at least 1m lol
reset the box 🤦
I win
gg
gg
I have not won yet
why would you
?
I SEE U
@rugged pumice ...are you on an 80s VT terminal?
Kind of reminds me of Fallout
lol port 22 closed
Guys reset
i think its down for maintenance
how many resets did they do so far
i can tell because i've secured some stuff
Just create an internal port loop on a local server on the machine
you're not closing ports
just re-directing traffic
You talking about ssh tunneling?
y e s
That will still leave ssh open
Not if you re-direct any new connections that aren't your IP
It's a good idea
Thanks
Time for some koth
Send me the link when you're up. @dapper escarp
Stream is up, starting properly in 5 minutes
Private game, nevermind
let them play alone, they look like they are fresh ;D
Oo
@lusty portal I want link to join
just click join public
true
I don't plan on autoing anything today
so if someone auto pwn I just jump into next game
basically oh look king in under 2 minutes
out
If you can work out who it is, let me know.
Congrats on that tense game guys, I was watching in the shadows!
i don't have any autopwns, i don't find them fun
;]
@dapper escarp hop in mentor lounge big man 
I use my alt to develop autopwn
seems 1hr is not enough to enumerate food
;/?
got down into many rabbit holes....
@glass flare 1hr is plenty for food
I do need to verify my Food autopwn
There are no rabbit holes.
its in public lobby
Nop, I did it back...
Has the match started?
There are always rabbit holes, James. Especially if you make them yourself :p
15 mins
start
I think we're playing some viewer games at some point 
@weary kindle Viewer games?
Games with viewers
play koth/275 or watch both streams
how did I not get that rip
And thats awesome
When you do, I can put an announcement out
Put it out whenever bby, hopefully can get some decent games without autopwning
I think we're both live now, so
ima watch @dapper escarp and @weary kindle stream instead of playing
Oh. That would be fun to watch. Definitely going to play some later today.
would be cool if you guys did squad stream
not a clue how that works
;/
plus chat says we need partner
why can't i change this file with root -rw-r--r-- 1 root root
ok so flags won't change in koth hill, people save that and spam right after the room starts.. have already saved the passwords for all users as they have done the room before.
so what's fun in that??
I assume that that's going to change in a coming version. This is the first version of KotH, after all. It was just released not more than a week ago
yeah i did watch the beta stream but i am still wondering what's the fun in that??
you can choose not to play if the current version isn't enough for you, you know :)
well that's one way to put it, Thanks!!! gotta stay put in the Quarantine then
Keep it sleazy, mate :p
somebody is doing dos or ssh brute forcing or something now in koth and it's really sad 😦 Why ruin the game man
What error are you getting, @distant zealot ?
@rigid raptor Permission denied
@ionic yarrow I believe there's a report system for this on the game page
sounds like you don't actually have root, @distant zealot
Really where ??
I thought it was at the bottom of the page, but now I can't see it. Might not be visible to spectators
who knows, @distant zealot. It could be all sorts of interesting trickery. It all depends on the other players
@rancid pewter you did it
Yes
ah then game is over
hehehe :)
there is no way to recover it?
Yes there is one way
Not if they patched it up correctly. But who knows, they may have missed something -- or left themselves a backdoor
I have patched up nothing, I just made the king.txt write protected
And now I simply mess with their terminal
haha :p
what does write protect mean? does it mean root also can't write?
Yes
then there is no recovery ?
haha
i see chattr ?
Yup
good job
I have moved it to the /opt folder if you want to be king for the last minute
good
what, you moved chattr?
I moved the chattr binary
Did you guys have a hard time logging in over ssh?
Good job everyone nice game
Yeah
haha good
yeah, I was just thinking about keeping a stash of binaries for that sort of thing.
Yeah. Going to play a bit and get a feel for what I'll find useful.
^ Lots of users
aye skidy?
heyo
when's the next set of boxes coming in?
awesome
A new Windows/Linux box
@lusty portal think someone just jumped on migrated to the king process
No king update for a while
I will investigate AWS logs to see if I can catch anything, and then try match it to the virtual IP if I can
Just speeding up THM atm by rewriting queries/restructuring database
@lusty portal admin or not use commands in #bot-commands Thanks
I said it and I delivered @dapper escarp
why
You broke one of the minimal rules that KOTH has.
which is?
@lusty portal Hide all the box names, and at least don't name the boxes, maybe hard to make autopwn keep secret.
@dapper escarp @weary kindle please give us a chance
as i said i played tyler today 4 times
and after the 2nd game i gave up, its not fun at all
@glass flare you can immediately tell it based on your nmap scan
I love how skidy is THE admin, but is 0x1
@cobalt jackal He went so far up the scale there was no where to go but loop back around.
@reef storm Tyler is the most fun box for some people, they're different in difficulty by quite a bit
If game 279 isn't Tyler, winner gets a free sub? Make it a little interesting
I heard the privesc of Tyler was patched or changed? I'm most likely wrong
if game 279 is shrek I'm not playing koth anymore
^ nooooo
I only seem to land in shrek/spacejam
Shrek for love and life
no shrek
autopwn boxes suck tbh
Ah yeah I saw that script
Tyler is the only one that doesn't have auto to my knowledge
10 players?! wth
I increased it for next week's competition
Might decrease later
New weeks comp new boxes or nah?
2 new boxes
hows the bracket working for that?
After talking with Ashu, we couldn't have 5 new ones developed in time
is there going to be any ad machines?
Ahh man, I might join in if I get the chance
And time to test them all
if its tyler i'm not playing
If there's two new boxes it depends on how the bracket works
Haven't played tyler yet @reef storm ?
i had 4 times in a row
If it's groups and winner of group goes into finals bracket
that's good
if not then it won't work as auto
get root > harden > autopwn written
I'm here to say that the box selection isn't a mathematical chance
I've had shrek 5 times at this point
I promise it's random
only seen food and prod once
Food eyy - Going to be a good game
Randomness is weird, but yeah I had tyler 3x in a row too
Oh my food...
gg guys, was fun
gg
i think it was optional's stream where he said it would be fun if we have to play multiple machines at a time and hack both of them at the same time
as you have 2 boxes coming up may be try that?
Guys on Food
just because you can't edit the king.txt file doesn't mean reset
just means tryharder
Resetting because the binary is missing is just griefing
Ah box is slow 😦
So uhm, @dapper escarp I guess shrek closed up for today
My first go at shrek, so had no idea about entry points
yo
why did it change to 14 mins
it was first 7
lol when i refreshed it went back to 4
So shrek still has a number of ways in ❤️
Someone regenned shreks key
so idk about that one
helping out..
@fair adder