wow that was easy
#koth
lilac lantern
8 flags? is that all
yeet
that was by far, the easiest room i've ever done
Gg gethecked
uneven perch
I wonder if the "No walkthroughs" rule applies with Optionals YouTube video on the box :p
mellow bough
That was approved and we are changing the verbiage around KOTH to make it significantly less restrictive
uneven perch
Aaah, ok
lilac lantern
@mellow bough I do live streams of these boxes.. Am I in breach?
if so I will remove
sorry, I should have requested permission first.
uneven perch
I'm super surprised that he had no custom automation scripts
mellow bough
Oh no not at all
You're perfectly ok to live stream them!
We're going to clarify all that later though
lilac lantern
Ah sweet, thank you. Feel bad for not asking first!
No worries. Hopefully should see more people in with these streams too.
Even advertised you guys on a facebook page for Tech support people
mellow bough
If I see you streaming when I'm on/ending my stream I'll make sure to host you as well
You can post in general when you're livestreaming THM btw
lilac lantern
Oh sweet!
https://www.facebook.com/groups/thisisanitsupportgroup one of the biggest IT support groups.
Advertise away my friend!
i'm gonna say, since I joined in January, this has gotten huge. Big props to you guys.
only just posted 😂
right ok now my fb is being spammed.
lilac lantern
😂
gusty cradle
Food is one of the easiest boxes
lilac lantern
R U CRAZY
gusty cradle
full grove
@lilac lantern did you enjoy it? :3
lilac lantern
which one? 😄
full grove
Pain
full grove
Mind if I ask, which vector you took? 65k or SMB?
quiet schooner
EB @full grove
full grove
kekw
lilac lantern
People say "it crashes the box" yeahhh.. because you're not going about it the right way 😉
and that's all I can say
dapper escarp
Hey leave the tactical blue screen alone
dapper escarp
Nah tbh I have a theory that if you manually do eb and encode your payload with shakita ga nai it evades it
lilac lantern
english? 😂
dapper escarp
Manual eb allows you to specify your payload for rev shell
lilac lantern
ahh yes
dapper escarp
Encode it to evade av
lilac lantern
I have my notes for next time
dapper escarp
Bobs your uncle
gusty cradle
@uneven perch It's like one of the easiest boxes in rotation.
I think that's intended?
lyric perch
Our machine stopped responding and we have only 3/4 resets (one player is AFK)
What should we do?
lilac lantern
this is also a question, if there's 2 in a private lobby.. it still asks for 4 people to reset.. what do we do then?.
lilac lantern
#AbandonGame
lyric perch
yeap, that is a bit frustrating
lilac lantern
lyric perch
this is why it is in beta I guess :DD
quiet schooner
@lyric perch DM me an invite and I'll come along and vote fora reset if you need
lyric perch
https://tryhackme.com/games/koth/join/e5c4d1689c6b17dd8dd05af8
may someone vote for a reset please?
lilac lantern
done! @lyric perch
lyric perch
thank you
If someone gets root and wants to keep his name in king.txt, is there a better way to do this rather than creating a cron job that keeps writing your nickname after every minute?
lyric perch
are we allowed to just stop services running on certain ports?
lyric perch
you mean change the code of some services for example?
quiet schooner
Fix vulnerabilities
lilac lantern
so, if I had a linux machinbe
could I remove the id_rsa keys from where I entered?
Or would that be a bit too much?
quiet schooner
@lilac lantern Yes you can do that
lilac lantern
Sweet
gusty cradle
@lilac lantern Make sure to regenerate the rsa keys for that particular user and remove them again, as most people store id_rsa keys.
lilac lantern
Thanks for the heads up
I'd normally just gain access
remove the keys, remove them from authorised users
and kill their ssh process
#HowToBeADick
iron sable
@dapper escarp yo dud
dapper escarp
sup?
iron sable
i see u already got root
gusty cradle
@iron sable 👋
CommandLineKings?
iron sable
@dapper escarp dope, 1st time playing this one dude
dapper escarp
Also anyone in game 1216 you don't need to restart
there are some really easy methods to get in that I have left unpatched for you
iron sable
sditi koulchi awld l97ba wtat9ol khlit lik t9abi. 9wd 3lya
grand ember
latent quest
Waiting for people to get their foot in the door before slamming it on them? 😉 @dapper escarp
dapper escarp
exactly
latent quest
How kind of you. 
lilac lantern
sorry 😂
harsh obsidian
I hope this is a good box..
@lilac lantern Yeah, that was a fun one
lilac lantern
not a fan of food!
quiet schooner
@lilac lantern Again, one of the easier boxes in rotation
quiet schooner
You don't need to know web lol
The boxes are designed so there's a bunch of ways in
harsh obsidian
not a fan of food!
@lilac lantern I'm starting to like food. I'm learning a bit and making progress on the box.
quiet schooner
@lilac lantern From Kali?
Also, nmap -sV -v -p- -T5 and investigate the ports as you find them
lilac lantern
yeah... When I tried the box last time my nmap took like 30 mins
quiet schooner
You should fix that @lilac lantern
lilac lantern
Thanks 😂
harsh obsidian
My nmap takes long
@lilac lantern ports=$(nmap -p- -vvv -min-hostgroup=32 --min-parallelism=32 --min-rate=1000 -T4 $TGT_IP | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//); echo -e "\n"
nmap -Pn -A -sC -sV -p$ports -vvv -min-hostgroup=32 --min-parallelism=32 --min-rate=1000 -oA nmap $TGT_IP
lilac lantern
wtaf
harsh obsidian
The first line runs a quick nmap to ID open ports, uses grep and sed to clean it up and store it in the variable ports (and prints them to stdout). then runs the second stage which does a more in-depth scan on just the open ports.
quiet schooner
@lilac lantern Also, it shouldn't take that long at all
harsh obsidian
@lilac lantern Also, it shouldn't take that long at all
@quiet schooner Agreed. What's your go to nmap?
harsh obsidian
nmap -sV -p- -v
@quiet schooner Solid and easy. I like it. My staged one is great for normal boxes, not so awesome for the first time I see a KotH box.
which @patent glade @fair adder is on Shrek right now (1228)?
I have to say, though, that I'm really enjoying these KotH boxes. I'm learning a lot and having a ton of fun. What are y'all's thoughts?
harsh obsidian
KotH 1235 starts in 12 minutes. https://tryhackme.com/games/koth/1235
rancid pewter
It a link to spectate
quiet schooner
I'd assume it's a public game
rancid pewter
Good point
harsh obsidian
It was, started already. I finally found my way in, have all but one flag, and have to figure out how to get king. A lot of progress since last time.
I'd assume it's a public game
@quiet schooner https://tryhackme.com/games/koth/join/bfadb2d0d8415dc7fabc03ed
primal stag
gg
lilac lantern
morn \o
lyric perch
May please someone tell an example of patching something on the box? For example, how can I patch the service that allows to upload and execute python files on the server?
lyric perch
anyone wanna play ?
https://tryhackme.com/games/koth/join/63a09c4dc7afe915e574e56f
sick fractal
ugh,
there will be a fight
nimble tangle
@lyric perch in most cases if its something like that you can just remove it. So long as you're leaving an entry method somewhere then you're golden.
quiet schooner
@nimble tangle @lyric perch the rules will be clarified soon. I thythe policy is you can't close the service but you can remove the RCE
gusty cradle
@nimble tangle I don't see a rule anywhere saying that you can't patch everything?
dire sentinel
@nimble tangle I don't see a rule anywhere saying that you can't patch everything?
@gusty cradle you gave me an idea. i'm too unexperienced to try koth, but i'll work on this if it'll be possible
gusty cradle
I usually patch every path that I know of after I get root.
@dire sentinel Nah, you'll be fine, the machines are pretty easy to root.
nimble tangle
@gusty cradle True, with it being a new game mode it is being worked on and as James said they will be clarified and fixed up. Normally it's just a courtesy thing particularly on the new boxes to leave one so people can learn the box. It ruins the game of there's noway to get to root, make it challenging of course but its more fun for everyone to keep the battle going otherwise the game is over within the first 2 minutes haha
dire sentinel
i got another problem. low internet speed. half of the times i'm doing a room, the vpn drops
lyric perch
space jam has only 2 flags?
gusty cradle
Yes
sick fractal
thanx to all for game
harsh obsidian
@low whale , are you online right now?
lusty portal
I don't think he is. Is there something I can help you with?
void rivet
anyone up for a koth soon??
@fair adder we still need to have a 1v1 for our names aha 😉
fair adder
indeed
harsh obsidian
anyone up for a koth soon??
@void rivet I'm in a room now; game 1288
harsh obsidian
nice
void rivet
it has to be in in 13 and a half hours
narrow parrot
gl dude!
harsh obsidian
Finally cracked Tyler!
narrow parrot
gz!
harsh obsidian
@hot bloom Can I get an invite in to 1296?
harsh obsidian
It did, I'm in there now
hot bloom
Wow, that was a great game
harsh obsidian
That was a lot of fun. For the life of me, though, I can't find the eighth damn flag.....
hot bloom
I had done that box like 3 times, and was googling random crap when you joined
I wasn't even trying
lol
harsh obsidian
Lol
hot bloom
Lesson learned
harsh obsidian
Thanks for the invite, though
harsh obsidian
I thought about not asking to join but realized that I still need one more flag, lol
How many of them do you have?
hot bloom
How many flags?
Or how many boxes?
This was only my 5th koth..
And I've only done 3 diff boxes
harsh obsidian
How many flags on panda
harsh obsidian
Nice. I'm at 7/8 and it's driving me nuts lol
hot bloom
Haha
I've been doing mostly htb.. I'm really digging koth tho
I've only been on thm for a few days
dapper escarp
If you wanna know how many flags are on a room, hover over the flag next to he submission field and it will tell you
hot bloom
Oh, good to know!
harsh obsidian
@dapper escarp Mind if I DM?
harsh obsidian
it can't be anything that can't be said in here
@dapper escarp Ok.
hot bloom
I found a flag that I thought HAD to be a flag, but didn't work
harsh obsidian
I found a flag that I thought HAD to be a flag, but didn't work
@hot bloom the 06d or the 5a4?
hot bloom
06d
harsh obsidian
06d
@hot bloom You're on the right track, just look a little deeper
hot bloom
And another that I didn't keep.. I didn't think I'd stick around thm.. I'll have to be more careful now 🙂
harsh obsidian
And another that I didn't keep.. I didn't think I'd stick around thm.. I'll have to be more careful now 🙂
@hot bloom LOL. They've done a fantastic job making these boxes for us. It's absolutely worth sticking around for.
hot bloom
I see that now.. Didn't know what to expect!
harsh obsidian
My advise, for what little it's worth: keep notes for each box..... I prefer a local mediawiki server.
hot bloom
I've been using Joplin, it's pretty awesome
harsh obsidian
it can't be anything that can't be said in here
@dapper escarp I've found 633, MGN, YzI, Mzk, Nzr, d22, and 7c9. I checked m***l but with no luck. Can you give me an azimuth check on the final flag?
hot bloom
I kept notes for all my htb boxes. Like I said, I wasn't really taking thm seriously
Anyway, gotta run.. good game @harsh obsidian 🙂
harsh obsidian
gg @hot bloom
stable narwhal
With rule 2, regarding flags, Could you flood the box with flags?
glossy vessel
I guess yeah, because you can filter files by creation date and identify fake ones
bu idk if that's fair and would not cause some troubles for other players :)
dapper escarp
It's not really modifying anything
I'd probably say that it's not against any ruling
lilac lantern
o/
orchid tulip
where actually are the rules which states what we can and can not do
primal stag
click on the koth page
scroll down to the faq
the expand rules (if it isn't already)
got a game going in 20 minutes: https://tryhackme.com/games/koth/join/2d5ea47da8973e4bdc958eeb
orchid tulip
Can someone clarify pls : "6. No writeups are allowed"
dire sentinel
you can't post a walkthrough to the koth vms i think
dire sentinel
gg everybody
primal stag
gg @dire sentinel my internet died just as I got root!!!
dire sentinel
i know what it means... i got internet problems too
i can't figure out how the king file was continually overwritten at the end
nova tide
@dire sentinel may be someone was using a loop?
dire sentinel
yes, i think so. i'm not good in defense (neither in attack lol) and i'm trying to replicate the situation and understand how to block
stiff egret
@distant zealot Dude seriously?
quiet schooner
You good? @stiff egret
stiff egret
@quiet schooner UM, had a Q, is filtering 3000 port legal?
filtering as in from this
3000/tcp open http Node.js
to this
3000/tcp filtered ppp
dapper escarp
Yes it’s legal
Port 3000 is an extremely easy low hanging fruit
So it’s often closed
stiff egret
um, and wbu ||61432||?
surreal sonnet
are there bots also in koth
spark mason
Hello till when will KOTH be free?Keep it like this please💯
void rivet
astral belfry
GG @primal stag @forest bloom
primal stag
gg @astral belfry @forest bloom
fair adder
Not sure if this is exactly where to ask, but what resources could I go to to learn and practise actually spawning the shell to things like koth and tryhackme?
steep raptor
ok who closed port 22 lol
fair adder
Thank you
quiet schooner
@fair adder bsides Guatamala boxes are nice
fair adder
Thank you, I'll try some out now
primal stag
I've not done that box.
stable narwhal
I'm on as bread but can't cat the flag
neon sleet
Are you getting an error Will?
stable narwhal
Just permission denied
neon sleet
Hmm, maybe try something other than cat (if someone patched it)
Or make sure you have permissions to read it.
with lsattr as well
stable narwhal
Ah got 1
gusty cradle
I'm on as bread but can't cat the flag
@stable narwhal That's intended.
stable narwhal
Yeah, just noticed 🙂
I love tmux but closing your reverse shell by accident is a bummer haha
steep raptor
@gusty cradle you can view the flags with strings if cat isn't working
stable narwhal
Lmao can't escape vim
stable narwhal
ffs closed the RS again
gusty cradle
@steep raptor I think you misunderstand, I'm not doing KoTH at the moment, however strings will not work, since the author of the box has set weird permissions on the flag.
Also I just use tac when cat does not seem to work. 😉
primal stag
Nope, not getting this box...
stable narwhal
I have found multiple ways in but can't figure out how to use them
Anyone know the number for DEScrypt? Hashcat id?
telnet seems promising
arctic shell
Playing my first game 😄 this is fun
fair adder
@primal stag cheater
stable narwhal
I thought it was a spectator link
fair adder
what box?
dire sentinel
whaaaaaaaaaaaat? i thought it was the spectaror link 😅 . Fire up Kali
quiet schooner
Can confirm
nova tide
he didnt used any scripts.. i am also in room @fair adder
signal bridge
@fair adder The VOD of his stream should be up later if you'd like to confirm. Should sub so you can watch it!
nova tide
spam the reset button xD
dapper escarp
lmao
there's the reset button
Makes me laugh when people realise I patch port 3000 so reset
learn how to find other vulnerabilities
I only ever patch the way I take to get in, in public games
dire sentinel
gg
quiet ore
is goldwave in here?
fair adder
why do you think that?
quiet ore
idk he has 0 points and were 30 minutes in
quiet schooner
Might just be struggling.
quiet ore
maybe true
void rivet
@quiet ore what box u guys doing aha
quiet ore
void rivet
nah a link to play
quiet ore
oh im in one rn i thinkk
quiet ore
@primal stag yo
did u lock me out of king.txt somehow?
im just trying to figure out how it works lol
primal stag
Well, the object is to stay king....
quiet ore
oof
i had king for a while but its locked again
LOL
did ssh die?
think ssh is gone
oof
void rivet
Nope
quiet ore
yeah it is
trail basin
broken bloom
lets go boomers
broken bloom
harsh obsidian
Has anyone managed to get all eight flags on Panda? I could use some help finding the eighth flag if someone if willing....
gg @rancid pewter
rancid pewter
gg
tropic lance
?
primal stag
were you just in a KOTH?
fair adder
@potent oyster really
primal stag
I'm trying to overtake you as king!
fair adder
well
find the last flag and u will
but dont kill my shell cuz you cheating
why you close port 22?
weary kindle
Killing shells is not cheating
primal stag
oops, probably want to reset because I just locked myself out 🙂
primal stag
lol, I'm still king
full grove
cant kill shells as easily on Windows 🤔
fair adder
@primal stag what happened now M8
when you find the 4th flag lmk ok buddy
THANKS!
@full grove wym windows is easier
full grove
me thinks you need to re read that
dapper escarp
@full grove depends if it’s rdp:*
full grove
^
full grove
its incredibly difficult to kill the cmd session you want, even more so to kill metasploit payloads because they disguise the processes they run as.
fair adder
thats if the user knows how to migrate into it
weary kindle
If I can find your shell using w then you cannot complain about me killing said shell
weary kindle
Sounds like a question for the search engine owned by Alphabet Inc.
fair adder
you got jokes
weary kindle
I ain't wrong tho
fair adder
mhum sure
dapper escarp
thats if the user knows how to migrate into it
@fair adder to kill rdp you just have to rdp in
Clearly don’t know windows
fair adder
sure i dont
you obviously can kill any process once you have Admin rights
at least i didnt struggle cracking pain lol
took me not even 3 minutes while you took almost the entire 40 mins @dapper escarp
myDonut got you good too
weary kindle
How about we put you in front of 200 people and see how you fair then?
weary kindle
You clearly haven't done Priv Esc Playground then
stable narwhal
took me not even 3 minutes while you took almost the entire 40 mins @dapper escarp
@fair adder Was this after watching his stream? 👀
lilac lantern
@stable narwhal The exploit for Pain isn't even hard man
stable narwhal
I have no idea haha, haven't looked at it
lilac lantern
Honestly, piece of piss
fair adder
@stable narwhal lmfaoo i didnt have to watch his stream to crack it lmfaooo
stable narwhal
Anyone up for a chilled game of KOTH?
lilac lantern
First time I did it, straight in, all flags
lilac lantern
😂
primal stag
gg, had fun would do again
primal stag
Maybe another time, got to do some work.
fair adder
ahhh come on
dont chicken down
@gusty cradle oh no
dont tell me its you on that session
gusty cradle
😄
fair adder
awh shiet
gusty cradle
Haven't done done Panda before
gusty cradle
Thanks 🙂
fair adder
hmm
void rivet
when u get all flags and get king in 4 mins on spacejam ur first time :3
full grove
spacejam ezpz
void rivet
yep
full grove
until someone yeets your access method
void rivet
its easiest to root and get flags
spark mason
someone playing koth? unbelivable how no one joined on public game
void rivet
ill play if u want
quiet ore
lets get it
quiet ore
ye im in
dapper escarp
@fair adder Just gunna throw back at this, you have a terrible attitude. I admit my defeat to MyDonut and to this day think he is one of the best people to play KOTH against. However, you need to remember that though it is a game, it is still a learning experience. We're all in this area to learn, not shit talk someone for trying to better themselves
Everyone looks at a problem in a different way also, so to one person it may be an easy box. But to another, it could be difficult. We all have diverse skillsets. Like you said you weren't sure on Panda, which tells me your skillset suits windows more.
fair adder
you right
my apologies and yes i've dealt with windows more than linux
@dapper escarp
quiet ore
ggs
dire sentinel
gg
last urchin
gg
primal stag
#danger
fair adder
oh im just chillin
harsh obsidian
gg @silent herald
silent herald
I wish 😉 Made no progress 😄
cinder blade
what level require to jion koth game?
void rivet
Intermediate and up
plain salmon
lusty portal
Wait, When did koth went free to play?
@nova tide Free for this month
Some changes are taking place with KoTH
nova tide
oh ok. i didnt knew that
lusty portal
An email will go out next week for it
fair adder
skidd
void rivet
i only know like 1 or 2 boxes
nova tide
already in this one xD
but i think i already won this unless they reset but only 3 players so cant reset
void rivet
xD
nova tide
did you changed pass for donkey?
quiet ore
is there a new game goin on rn?
quiet schooner
Yes
quiet ore
should be
void rivet
sick
gusty cradle
@void rivet It's allowed.
nova tide
should have copied those passwords when i had the chance xD
void rivet
xD
im a bit slow
still learning
but im getting there
learning how to patch things
nova tide
well i am just good at tyler. i think its my 2nd time on shrek
nova tide
i was going to crack the passwords but forgot to copy lol
void rivet
haha
yh i need to be a bit faster at patching
im sitting here thinking, what do i do next
xD
like i can only find 4 flags on shrek
nova tide
i just did the find room so pretty good at finding xD
quiet ore
how do we people manage to lock you out of king.txt?
i realize they have the immutable attribute set on king.txt
but I cant seem to be able to change that either
torpid geyser
Ah, I just blindly clicked the link, any way to leave the koth 'room' after joining?
nova tide
@stiff egret did you changed pass for ashu?
stiff egret
No.
nova tide
i am doing this box for the first in my life and no clue how to ssh using those keys
stiff egret
I am not putting up any superman defences
nova tide
any hints?
torpid geyser
haha, i believe im in the same spot you are naughty
nova tide
tried:
ssh -i <any file> ashu@<ip>
stiff egret
ssh -i <keyname> user@<ip>
nova tide
now trying brute force xD
ssh -i <keyname> user@<ip>
@stiff egret tried that its asking for the password of ashu
stiff egret
Someone is in shell using ashu, I am killing the shells manually
nova tide
well thats not me or Don sooo gotta be nickz
stiff egret
Actually I am not putting up any defences at all
So, All paths that I came in from are open
any hints?
@nova tide Check all ports, there are 2 services running that can directly give access. One even gives root.
nova tide
oh my bad i was trying ssh
wait am i supposed to ssh or ftp?
its asking for password for both :/
torpid geyser
lol, i'm embarassed i can't turn that root one into a shell
torpid geyser
nice
nova tide
well hes not even playing sooo
quiet ore
is someone crashing port 22?
nova tide
killing your session @quiet ore
quiet ore
ah
nova tide
ok try now i wont kill anymore
quiet ore
uve done this box b4?
nova tide
yeah
quiet ore
ah
nova tide
a few times in private game
quiet ore
first itm here xd
nova tide
well you are cathing up faster
but i still want to know the ways to bypass the things i patched
quiet ore
yeah i was wondering if u patched something lol
kinda finding it hard to escalate to root
nova tide
i patched a couple of things.. the ways i knew how to come up
not sure if theres anything else left
torpid geyser
yea gg
nova tide
i dont have access to chmod so no enum scripts
@quiet ore the first thing i changed xD
nova tide
reset?
nova tide
well there was one but i patched it. the way i got root
nova tide
it was just a command that you could use as root
quiet ore
gotcha
nova tide
i will put it back so if you can try that to get root
quiet ore
aight sweet ty
i am curious to know if there are other ways tho. Usually on these king of the hill machines there are
nova tide
well i think i mistakenly set chmod with 6 suid so even root cant use chmod to chmod 🤣
quiet ore
LOL
thats funny lmao
there seems to be multiple ways to get narrator
just not sure bout root
winter nest
Does anyone find it frustrating that the king can delete chattr and stay king forever.....
quiet schooner
There's ways around that
winter nest
How
fair adder
its even more frustrating when there is nobody to play with when you want to
void rivet
ill play soon
torpid geyser
@candid shoal on space jam?
winter nest
@torpid geyser Yes
torpid geyser
eh, i just renamed it
torpid geyser
no, renamed the chattr binary
winter nest
Message me
void rivet
anyone wanna have a game of koth
harsh obsidian
anyone wanna have a game of koth
@void rivet Nemo and I are about to run one in 8 mins: https://tryhackme.com/games/koth/join/0530bb96ef5c9034e87e8011
quiet ore
hey lets get it
void rivet
just joined but idk if i can be assed aha so tired
ill see what box it is
ah cba to tired
xD
harsh obsidian
Shrek
quiet ore
yeah eh
idk why its always shrek?
ive done a bunch of these and its shrek 90% of the time i feel
void rivet
ik how to king and get all flags in like 4 mins lol no point doing that box, not fair to other people
ruins it
void rivet
ur vpn probs
quiet ore
yeah thats fair
void rivet
id only do it to learn some more defense stuff
harsh obsidian
8 flags in 5 mins xd
@quiet ore Lol, that's because I've played this box before
is the box down for anyone?
@quiet ore I'm having some issues myself. I hit the reset button; we'll see...
void rivet
im apartment hunting aha
harsh obsidian
im apartment hunting aha
@void rivet LOL
void rivet
gettin a apprenticeship and its far away so im getting my own apartment
only down side is that i have to give my parents the money so they can rent it for me cause im only 17 xD
harsh obsidian
oh good to know its not just me
@quiet ore I can't even get to the web server....
quiet ore
neither could i
primal stag
gg @harsh obsidian right as I joined the wife wanted to watch a show...
Might be helpful to have an option to leave a KOTH...
harsh obsidian
gg @primal stag
@primal stag : I'd like to DM later and ask you a few things, if you're cool with it
primal stag
Sure.
fair adder
whos DDoSing the box??
someone is ddosing the box shrek
Can't be me
I'm still trying to get in...
someone is
i see the requests
Hmm
same ip
Don? I haven't seen him earlier
different packets and different ports
the box is running very slow due to whomever is doing it
Yeah
is ddosing allowed???
i doubt it
Nope
sonic atlas
lol no
fair adder
Anything that could break the box isn't I think
he doing it again
Only thing I have running is jtr
harsh obsidian
https://prnt.sc/s6jiz6
@fair adder I've been trying a new thing. Did you get a bunch of random output to your terminal/ssh and then get kicked off at all?
harsh obsidian
Agreed. Also explains why my connections were so slow
fair adder
@lusty portal @low whale
harsh obsidian
gg @fair adder @fair adder @sonic atlas
rancid pewter
gg
fair adder
very great competitors
brazen cloud
Best thing to do would be report it to koth@tryhackme.com @fair adder the screenshot would be useful! Include your match id etc :> sorry to hear someone was spoiling the fun
dire sentinel
yep
dire sentinel
ahahahah
vale summit
il mondo è piccolo xD
quiet schooner
Please try to keep it in english in the server
terse willow
^^
fair adder
^^^
vale summit
I'm sorry! I meet an italian player so.. ahaha sorry
terse willow
No problem 🙂
Just helps us make sure that nothing that's going on under our noses is against the rules 😁
void rivet
u all got booted
boi
this is unfair lol imma just leave
i have done this box to much
hehe
❤️
terse willow
(New rotation is coming out soon @void rivet)
(and I can say that I am very proud of one of them 😁)
void rivet
gooooodd
i feel bad doing these boxes cause ik them all
im onjly doing them for the defense part atm
so i just quit the box lol
guys in prod box reset pls lol
void rivet
ooooo 0_o
terse willow
We've not implemented autogeneration of flags yet -- the website isn't able to receive them, although we can easily gen them on the boxes
Just a matter of time
Autogenning vulnerabilities has also been discussed, but isn't there yet
void rivet
yh would be amazing of the id_rsa keys and all the flags changed everytime the box comes online, but ik its easier said than done
terse willow
But I may or may not have just finished a script that's autogenerating passwords, other stuff that I can't say without spoiling it
(Yeah, done that with the keys)
void rivet
ooo
terse willow
You'd better appreciate this by the way
It was a pain in the ass to code
No doubt optional will find a way, but I've made it as resistant to autopwn as I possibly could
void rivet
aha yh
terse willow
Almost done -- just got one more bit to implement tonight
Then hopefully it'll be in rotation next month 😁
void rivet
good
aha
im hoping to do my OSCP next year
oh lol forgot, optional is doing his OSCP rn i think
terse willow
Agreed. I'm going to try for it in a few months, I hope
dire sentinel
ok. koth is not for me rn lol😆
void rivet
im only 16 rn, 17 on may 20th, and i heard u have to be 18 to sit it
@dire sentinel ur in my room lol
i got king and felt bad so left
terse willow
It's a very grey area. Definitely more the exception than the rule
weary kindle
@terse willow random flags is ready to go, just waiting on Skidy to get to it on his list
void rivet
ah ok
terse willow
Lovely 😁
Yeah, I got a script up and running to randomly generate and distribute them, just for the heck of it @weary kindle
Bit of a problem if the website can't receive though 🤷♂️
weary kindle
My method should be easy for them to work with
void rivet
if u could make a random vuln gen that would be amazing
terse willow
Doing better than me then. I just wanted to see if I could do it. Definitely not good enough to think about using in practice right now though 😆
Looking forward to yours getting implemented
weary kindle
I'm also working on that, but that's a little more long form due to the costs assosiated with nested virtualisation instances on AWS that my current plan would need
terse willow
Hmm. I might give that a shot at some point. I reckon it can probably be done with a single box, given half of my setup is done on startup anyway
Be really interested to hear that plan though
weary kindle
I might have some other methods of keeping costs low, but I'll need to test that
I wanna get Random Flags, kingescplayground and maybe a Pwn Adventure 3 room done first
terse willow
Fair 😁
quiet schooner
@nova tide No, that's wrong
nova tide
ik.. the guy in my game tried doing that.. its history
quiet schooner
@nova tide It's allowed.
nova tide
??
Deleting king.txt is allowed?
stable narwhal
@nova tide, you can't close the service king.txt runs on but the file itself is fine to delete
nova tide
oh i didnt knew that
quiet schooner
Then don't accuse someone 😛
nova tide
my Bad. i thought it wasnt allowed
nova tide
well i won the game in the end so nvrmnd
fair adder
GG
nova tide
just coz the guy got afk i think xD
nova tide
i have done tyler multiple times, shrek like twice, food just now , panda twice
space jam once
narrow parrot
well lets hope offline will be the box 😄
nova tide
if its tyler i may win it
nova tide
youtube
fair adder
oh i bet 20 on @rancid pewter
nova tide
get those 20 ready then
nova tide
ik xD
fair adder
send me the join link
rancid pewter
Nyancat is coming
nova tide
oh you are the unkown i lost space jam once against xD
fair adder
yep
narrow parrot
hello 🙂
stiff egret
@rancid pewter GG dude GG
rancid pewter
Gg
narrow parrot
well looks like I will get claped in 10 secs
nova tide
if its space jam imma pass xD
narrow parrot
but myDonuts only tries to get king usually and does not patch vulns so one can still get tokens right?
fair adder
yes
fair adder
he mad legit bro
nova tide
well he aint gonna go try hard mode but still scary xD
fair adder
who's streaming on YT?
nova tide
John
narrow parrot
mr john
fair adder
ah nice
nova tide
imma google how to close a port
narrow parrot
xD
fair adder
dont even try to close ports
quiet schooner
@nova tide closing ports is firewall or killing the service. Neither is allowed
nova tide
nyan xD
fair adder
weary kindle
Doesn't best the terminal parrot tho
fair adder
??
nova tide
ok i cant make it writable xD
fair adder
lmfaoo
its a pain isnt it
well keep killing my shells buddy
that aint gonna change
who keeps killing my shells
nova tide
gg
@nova tide closing ports is firewall or killing the service. Neither is allowed
@quiet schooner closing a port is not allowed?
quiet schooner
DoS of the service
fair adder
ok come on now
who added a firewall rule to block my ip from connection to the host?
thats against ToS
nova tide
DoS of the service
@quiet schooner i was talking about ssh or ftp ports
quiet schooner
Yes. Don't close them. Play smarter
nova tide
well someone did, soooo
@nova tide closing ports is firewall or killing the service. Neither is allowed
@quiet schooner btw everyone closes the ports thats not new...
quiet schooner
Doesn't mean it's ok
nova tide
well i never did thats why i said imma google
fair adder
sure
nova tide
well gotta learn more about mysql then.. GG both of you.. and Good Luck next time @narrow parrot
fair adder
@rancid pewter you needa back off of me lmfaoo
nova tide
is that the highest king change record? or someone have higher?
@rancid pewter you needa back off of me lmfaoo
@fair adder btw can any of you be kind enough to tell me what was going on with the king file?
why wasnt i able to change it?
@rancid pewter Gg
nova tide
i tried adding chattr from my pc and used that but wasnt able to change it
nova tide
try harder
Wow thanks for letting me know
nova tide
well i just started it like 20 days ago
fair adder
oh damn
not bad
you actually doing better than me
it took me like a month to get my first flag
nova tide
well i have IT background.. soo that makes a difference
fair adder
so do I
nova tide
know a language or two.. tried using kali like 4 years ago for fun. then stopped and started studying now got back to it
fair adder
gg
thats good
i stopped 7 months ago
but now im back
its a learning experience
us the Learning Path in try hack me
it helps a lot
nova tide
btw for chattr i used wget and then chmod it after that tried chattr or even /var/lib/chattr none seem to help
us the Learning Path in try hack me
@fair adder completed beginner a few days ago
fair adder
@nova tide i wish i can help you but its against ToS sorry
nova tide
ohkk no problem.. but was there something i was doing wrong?
btw for chattr i used wget and then chmod it after that tried chattr or even /var/lib/chattr none seem to help
fair adder
i can say that there's something missing
thats all i can say
and cant really tell you or show you how to fix it
nova tide
ok i will try to find it next time
nova tide
it was fun though.. i tried my best xD