yea you did better than most
#koth
nova tide
no one was streaming our koth though
it was john hammond
doing his stream that i was watching while waiting for the koth to start
btw mysql was the way you guys were getting in after ssh and ftp closed?
Also was it you who got into my shell? @fair adder
Gotta learn that as well...
fair adder
The winner is always the one with higher privs thats all im saying
primal stag
Are the KOTH systems going to be retired as new ones come online? If so, are they going to have a room created?
fair adder
what?
harsh obsidian
Also was it you who got into my shell? @fair adder
Gotta learn that as well...
@nova tide That's something I, also, need to get better at
harsh obsidian
anything i say can be used against me lol
@fair adder lol
nova tide
@nova tide That's something I, also, need to get better at
@harsh obsidian before today i didnt even knew that was a thing xD
nova tide
idk if that was anonymous or mydonut but he just came into my shell and started typing: i am in your shell xD
harsh obsidian
lmfao
fair adder
its always fun to take over someones shell
nova tide
i was like wtf XD so just killed that connection and made a new one.. not sure if he came in others as well or not π
rancid pewter
That was me
nova tide
Noice.. Well hopefully will be able to go against all of you one day and give you a tough time
rancid pewter
Maybe
fair adder
maybe
nova tide
GG till the next time
rancid pewter
What ?
fair adder
i bet 20 on you lol
quiet schooner
@primal stag There will be a way to replay them after they're retired. The exact mechanism is being discussed.
fair adder
and so i lost the 20
primal stag
@quiet schooner Cool, thanks!
winter nest
Who is playing?
void rivet
Send a spectator link
fair adder
Nice donut
rancid pewter
Love the nyancat ?
fair adder
Pretty neat
primal stag
fair adder
Nice
winter nest
yeah I think myDonut won this
fair adder
Definitely
winter nest
He patched everything
winter nest
hmm
fair adder
Yeah he won
winter nest
There should be a rule that you cant play the koth in a public match more than once or something... because I had someone get root in like 2 mins
gg
winter nest
Yeah there needs to been a lot more boxes
fair adder
I finally found another login rsa but I don't have enough time to get the password
winter nest
nice
winter nest
gg @rancid pewter
fair adder
@rancid pewter gg man
rancid pewter
Gg
fair adder
@winter nest you up for another game?
winter nest
Sure
winter nest
Its late here so I might be a little slow
fair adder
All good
primal stag
damn, I just shut down my vm...
winter nest
If its a machine I've done then ill probs hop off
fair adder
Alright
fair adder
Of course
winter nest
I thought you cant shut all services down....
@fair adder can confirm
@quiet schooner
quiet schooner
There's an email address on the website to report KoTH rule breaks
winter nest
Ok thank you
brazen cloud
grand ember
hangman
dapper escarp
or I just put the telnet starwars on for them
stable narwhal
asciiquarium or fortune | cowsaw could be some decent alternatives
grand ember
aafire 
plain salmon
Exploit.JO is cheating in the current game too!!!
@fair adder can confirm
@winter nest
He closed all the ports.
Except 9999
fair adder
Ban hammer?
plain salmon
What does that mean?
fair adder
Banning them
stable narwhal
@plain salmon I think that's allowed, you can close ports just not the flag service
plain salmon
Woah really?! How will we exploit then? The game is useless now.
fair adder
It's a firewall restriction @stable narwhal
stable narwhal
The boxes have several ways in
It's a firewall restriction @stable narwhal
@fair adder that's not allowed but are you sure?
grand ember
@stable narwhal you need to keep at least one way to get in
and blocking all ports except 9999 blocks all of them
plain salmon
fair adder
I'm sure
plain salmon
Okay help me out, how can i get in now? π€£
grand ember
@plain salmon did you try -p- tho?
stable narwhal
^
plain salmon
@plain salmon did you try -p- tho?
@grand ember Let me try that thing.
stable narwhal
Firewall styles attack isn't allowed so would need to be confirmed
grand ember
oof joined this game
stable narwhal
@forest bloom how did you close the ports?
grand ember
aah i can't leave D:
fair adder
I've ran "nmap -Pn -PU -p- <ip>" in my game with the guy and all were closed
stable narwhal
What box?
plain salmon
Panda
fair adder
Panda here too
No clue if this has anything to do with it but panda is vulnerable to some dos attacks
dapper escarp
Yeah thatβs not right
fair adder
What isn't?
dapper escarp
Send an email to koth@tryhackme.com with that guys details and the match id and someone will take a look into the logs
plain salmon
Yup, doing that right away.
dapper escarp
Panda relies and web/ssh
I may start installing an snmp back foot into boxes and closing all tcp
Think people having to exploit udp would throw them
As most forget it exists
fair adder
That'd be pretty interesting
dapper escarp
May do something in the future
near sphinx
plain salmon
What happened?
plain salmon
oh
floral snow
nova tide
aah in koth 0X1 scares me
grand ember
hey so i made a thing and if anyone wants to test it/use it it's here :D
https://hacks.computer/kothoverlay/?id=(GAME_ID)
made with stolen css
void rivet
@dapper escarp how did ur OSCP go
nova tide
Please if anyone is ever free to tell me how can i wget a command and use it mention me here..
i am trying:
python -m SimpleHTTPServer
wget <myip>:8000/c<ommand>
then chmod +x <command>
tried using ./<command>
<command>
nothing seems to work
grand ember
the command needs to be statically linked (the libs need to be inside the binary), the libs can differ between systems so it may not work
nova tide
it is.. inside /usr/bin
grand ember
and it most likely gets the libraries from /lib or /usr/lib which probably won't be the same on other systems
find/compile a statically linked one
nova tide
can you describe that a bit more plz
i am getting it from my /usr/bin and putting it in /usr/bin of the box
grand ember
yes, but it usually won't work because the library files differ between the systems which may cause problems
if you want a binary file that will work no matter the system libs you need a statically compiled one (the binary has the required libraries inside)
nova tide
how could i find that?
grand ember
maybe there are some precompiled ones somewhere, idk
nova tide
lost two koth just because i cant seem to use chattr.. last night against mydonut and one just right now.
had all ways patched, had root and just couldnt change king file
nova tide
aah cant wait for 20 minutes.. will play after fasting
fair adder
ok
void rivet
@fair adder how long till it starts
fair adder
60 sec @void rivet
void rivet
what box is it
fair adder
food
void rivet
lol no point playing if someone is just gonna mass kick from ssh
void rivet
@pure beacon
@fair adder no point playin hes just mass closing sessions
kinda cheap to store passwords
pure beacon
lol, dont need to store them. Easy to find
gusty cradle
@void rivet There is nothing wrong in storing passwords.
Just 
last ether
winter nest
The KoTH challenges should implement a process that random generates the password each time it boots.
pure beacon
i know the method
void rivet
how are others suppose to learn??
if they just get kicked from the box every 2 seconds
like i understand if ur learning how to defend
pure beacon
I wont boot you, my bad. Join, i havent patched anything.
last ether
Yes that
like i understand if ur learning how to defend
@void rivet
pure beacon
I run no scripts, and i never patch.
well, this game i actually patched my entry
i can fix it if you want to but were not using the same exploit
brazen cloud
The KoTH challenges should implement a process that random generates the password each time it boots.
@winter nest flag / credential randomness is in the works - hopefully you'll start to see these sort of behaviours (amongst other fun things) within the next set of rotation or so!
void rivet
into root
winter nest
@brazen cloud Thats great to hear!
brazen cloud
The pools are rapidly expanding, I mean it grew from like 3 boxes to 7 within not even weeks so...
But yeah there's some fun things in pipeline for it all π
winter nest
Any thing you can hint to us? @brazen cloud
brazen cloud
Hopefully sooner then later, I don't know enough to give an exact time stamp
I think randomness is the biggest changer, the other stuff is just little things to keep you busy :))
winter nest
Chattr should also be taken completely off the Linux Machines
gusty cradle
No
winter nest
I feel like its caused more harm than good to the platfrom
void rivet
apex u wanna play??
gusty cradle
I think the better question is why should it be banned? It's an essential part of the patching process.
void rivet
^^
fair adder
@pure beacon really dude
so you are the one restricting people from accessing the machine thru ssh
winter nest
Ok. Someone gets root and the first thing they do is chattr the king file then either delete the chattr binary or move it where it cant be found. Now when I come along I have to have a precompiled binary ready to match that specific machine and if not then I guess i'm outta luck? @gusty cradle
gusty cradle
primal stag
Sounds like you already know how to fix that problem. @winter nest
gusty cradle
@winter nest Statically linked chattr binary
fair adder
^^^
winter nest
How so @gusty cradle ? I copy the binary from my kali machine? Nope
gusty cradle
^
winter nest
I know how to move the file.... thats not the issue
Its the binary itself. Once I bring the binary over it wont work because it isn't precompiled for that system.
@fair adder @gusty cradle
fair adder
Statically compiled binaries are designed to just be able to be put onto any system
gusty cradle
^
void rivet
cant use any cheese strats on prod can u xD all my scripts have got me kicked of the box XD
weary kindle
winter nest
@gusty cradle May I message you or @fair adder
void rivet
grrrrrr @weary kindle
xD
luckily i completely locked it all of
before i got booted
xD
fair adder
now i know that @pure beacon is the dirtiest player out there
void rivet
yep lol
but in his defence
he is probs learning how to defend
which is fair enough
end of the day, i kinda over reacted, this is to help u learn shit
and if he is trying to learn to defend
then fair enough
fair adder
its not fair if hes breaking the ToS
void rivet
oh is he??
stable narwhal
What was he doing?
fair adder
preventing access thru ssh
Probably shutting down services
like i cant even connect to host but i can ping it
stable narwhal
You can shut services
preventing access thru ssh
@fair adder
Just have to leave other ways in
mellow bough
You need to keep all production services running
fair adder
thats not what the ToS says
mellow bough
We'll be clarifying rules in a bit
fair adder
Shutting down services is against the rules @stable narwhal
stable narwhal
Ah I thought it was just the king service that was restricted as long as you left another way in
fair adder
he knows i'll beat him if didnt shut down ssh
fair adder
The disrespect
void rivet
saucy
stable narwhal
instead of shutting it down, just set it to another binary lel
fair adder
The d i s r e s p e c t
mellow bough
Regardless, we'll be clarifying the total verbiage around this
fair adder
I see it going down like this @void rivet
If I win I keep my name, if I lose I ban you and keep my name
fair adder
we shall have an option to restrict users like @pure beacon to play with certain users due to his lack of knowledge of KOTH ToS
void rivet
ooof
winter nest
When should we expect to hear something @mellow bough
fair adder
Oofy
mellow bough
soon TM
fair adder
So never^
winter nest
People are also creating scripts to hack the machines faster...
void rivet
autopwn
winter nest
lol
void rivet
i want to make one for prod but i dont want @weary kindle to hurt me
fair adder
Maybe just before you join your first koth game, have a mandatory ToS pop-up @mellow bough
lusty portal
People are also creating scripts to hack the machines faster...
@winter nest This won't be so much an issue in our new releases of KoTH (some changes are being made to the game-mode).
fair adder
And keep the rules up top instead of on bottom
its not against ToS to use your own scripts
winter nest
OOOOOOOo That would be lovely
fair adder
Unfortunately
But it's impossible to detect anyway
as long you dont restrict or shut down service like @pure beacon is doing then you should be good
weary kindle
9002 was made to be scripted btw
brazen cloud
If you suspect breaking of the ToS, email koth@tryhackme.com with the match id and player username(s) is always the best for the time being!
fair adder
we shall have like a voting system once someone is in a party to play koth and the players who gets more kick votes then duhh they get kicked
brazen cloud
Mhm I don't think necessary
gusty cradle
^
fair adder
well if we know he gonna cheat and ruin the fun for everyone then why not?
Because than that player.may not be able to find a game again
brazen cloud
Like skidy suggested and I mentioned, there's some pretty good changes coming to koth where scripting and just rooting the box instantly will be much much harder to do
brazen cloud
:^
brazen cloud
It's also real BM'ing which is just toxic
stiff egret
Maybe Add a chat box, like twitch one, where players could talk, So atleast they can all agree if they want to reset the machine.
winter nest
Also what is kinda annoying in KoTH if we are talking feedback.... If there is 3 people in a match and one person gets root and they block all the ports or do something against ToS then the vote to reset should be 2/2
brazen cloud
It's best to let the admins investigate issues regarding rule breaking rather then just exiling members
winter nest
The point is that is should change based on the amount of users
weary kindle
I think that's better left to the staff to make those decisions, not players that can abuse it
brazen cloud
^
weary kindle
The vote change is coming iirc
stiff egret
There's a thing called beta written near King Of The Hill. Cool down.
brazen cloud
Koth is still a new thing so π lots of stuff in the works for it!
winter nest
Yeah I know
fair adder
well koth is going to get slammed with a lot of cheaters so
all im saying for cheaters that break the ToS should have a system where if they cheat then they get restrict
not banned
lusty portal
well koth is going to get slammed with a lot of cheaters so
@fair adder We hopefully have a system that will reduce this. I'll write a post to let you all know whats changing with KoTH.
stiff egret
@fair adder We hopefully have a system that will reduce this. I'll write a post to let you all know whats changing with KoTH.
@lusty portal ETA?
fair adder
@stiff egret no rush
brazen cloud
Thanks for the feedback though.
fair adder
all we can do is report the user and thats it
grand ember
and obviously koth prime, thm needs to make money π°
winter nest
Yeah the feed back is nice
fair adder
but thats not gonna stop the cheaters from creating new accounts
fair adder
they dont care about trust
weary kindle
Anti-cheat is incredibly hard to implement on a KOTH box tho
fair adder
look at @pure beacon
lusty portal
and obviously koth prime, thm needs to make money π°
@grand ember We're making KoTH free to play.. forever
grand ember
winter nest
YAAAAY THIS IS AWESOME
grand ember
nice
terse willow
@lusty portal, what happens if a box is sent a shutdown signal? Does it reset?
brazen cloud
stiff egret
@grand ember We're making KoTH free to play.. forever
@lusty portal You kidding right?
fair adder
oh boy
lusty portal
Nope:)
fair adder
ig its over for the learners out there
gusty cradle
π₯³
lusty portal
@lusty portal, what happens if a box is sent a shutdown signal? Does it reset?
@terse willow Do you mean when a machine is reset?
fair adder
Koth was always intended to be a subscriber service
brazen cloud
One of the few marketing points of subscribing was koth
terse willow
@terse willow Do you mean when a machine is reset?
@lusty portal As in, if we were to set up monitoring as a process on the box that tells the box to reboot if something is switched off, or something doesn't look right -- would the reboot make it reset, or would it mess everything up?
lusty portal
There will be a good reason for subscribing:) More info to follow
fair adder
There already are good reasons for subscribing
brazen cloud
oh yeah
fair adder
then there will be mroe
brazen cloud
there is but y'know what I mean π
stiff egret
lusty portal
@lusty portal As in, if we were to set up monitoring as a process on the box that tells the box to reboot if something is switched off, or something doesn't look right -- would the reboot make it reset, or would it mess everything up?
@terse willow No, we terminate the machine, then redeploy it from the base-image. You could include measures to help stop it happening, but if you're root, its very difficult to stop
terse willow
@lusty portal I was thinking, if the website had a capability to receive an "Ok" message from the box, it could be reset automatically. As in, the box checks itself every minute to make sure that no rules have been broken. If something is wrong (or if the process is killed) the box gets reset
weary kindle
Other than heavily abstracting the box across several docker containers, you can't have anti-cheat running on a box where you're supposed to get root. Hell, there's not even fully defined rules yet, so I have no idea why you keep banging on about cheaters. I'm willing to be that these so called "cheaters" you're coming across just know their defense, same reason as to why when someone closes off all the easy vulns everyone cries and resets
terse willow
I mean, it's already watching out for the king.txt, would it be so difficult to implement?
stiff egret
@lusty portal I was thinking, if the website had a capability to receive an "Ok" message from the box, it could be reset automatically. As in, the box checks itself every minute to make sure that no rules have been broken. If something is wrong (or if the process is killed) the box gets reset
@terse willow Like The services in A/D matches.
weary kindle
I mean, it's already watching out for the king.txt, would it be so difficult to implement?
@terse willow I can implement it box side if Skidy can implement it server side
terse willow
@weary kindle I mean, I'm pretty sure you're not supposed to be compromising the services on the box, although I do otherwise agree
weary kindle
It just can't be 100% trusted
terse willow
Mhm -- it would be really easy to implement box side
primal stag
@winter nest This won't be so much an issue in our new releases of KoTH (some changes are being made to the game-mode).
@lusty portal Challenge accepted.
terse willow
I'm not sure how you would get around it, to be honest. If it was working on the same principles as OTPs, you couldn't really replace the process, and shutting it down would mean a reset anyway π€·ββοΈ
terse willow
Interrupting the checks and still convincing the process to send out the "Ok" message would be interesting
Although I daresay someone might figure out a way
weary kindle
It's not something that's 100% achievable unless there's a hypervisor, and that's a challenge in of it's self with AWS
Seeing as instances that support nested virtualization are 10x the price
brazen cloud
AWS is half the fun
terse willow
True, there would definitely be more efficient ways of doing it than "in-box"
pure beacon
what do you mean shut down service @fair adder
terse willow
But there's no reason a process on the machine couldn't be checking to ensure that it's getting the right output for open ports, for example
Or checking to see that essential processes haven't been killed
grand ember
maybe some cut-down autopwns just to check the entrypoints each few minutes?
brazen cloud
defo don't see why a "health check" isn't possible I mean - there's literal systems for it so...
but as Dan said, it can't be 100% trusted if it's in-box
terse willow
Agreed. I mean, I don't even see it being totally necessary, but it might help π€·ββοΈ
brazen cloud
if server-side done that sort of health checking it'll be a lot more authentic
weary kindle
I think a robust anti-cheat system would need dedicated, THM owned infrastructure to work properly, and that's a bad move for them to work towards
brazen cloud
10000%
weary kindle
AWS is at least 25% of THM's success I'd say
brazen cloud
will get very expensive at that too
weary kindle
There's a reason HTB charges what they do for their pro labs
terse willow
^^
pure beacon
@fair adder Why are you saying im in breach of TOS? i read the rules and i abide by them
lilac lantern
Guess who's finally upgrading to pro on Thursday!
pure beacon
Feelin targeted today 
fervent girder
π§
lilac lantern
pure beacon
I havent even shut down ssh? wtf
these accusations man
The rules doesnt even specify that i cant shutdown services? not that i do
The machine should not be made unavailable (shutdown, firewall rules to stop all communication, all services terminated, machine botching etc..)
The machine should not be made unavailable, which i havent done
ive never messed with the firewall
i have never stopped ALL services, yes i have deleted some authorized_keys files, and kicked a few shells, but that isnt against the rules
fair adder
@lilac lantern you done that too mee so wym?
void rivet
oofff
lilac lantern
you're a n00b so wym
void rivet
come on bois
stable narwhal
This is just getting petty now haha
void rivet
^
stable narwhal
Bordering Rule 2 and 4 tbf
lilac lantern
We good, he's in discord with me.
stable narwhal
Ah fairs
lilac lantern
But the rules are not specifying what can and cannot be done
fair adder
thats how we fk around @stable narwhal
fair adder
@pure beacon sure we'll see about that once they see the logs
stable narwhal
Admin can check logs
winter nest
At this point you all are just playing sematics.....
fair adder
YOU SURE???
lilac lantern
I think so?
lilac lantern
@lusty portal can you confirm?
brazen cloud
Well that doesn't necessarily mean that the kind of behaviour should spill into here as @stable narwhal suggested imho
lilac lantern
YOU'RE ALLBITCHING ABOUT BEING PATCHED
brazen cloud
Admin can inspect logs of the games yes
lilac lantern
Grow up π
winter nest
If you wanna be fair why not keep the service running but change the port number....
brazen cloud
and absolutely do
void rivet
O_o
pure beacon
@winter nest Thats meaner lol
winter nest
Not really
terse willow
That's enough from the lot of you. Tone it back please π
mellow bough
Keep it civil my dudes.
weary kindle
@lilac lantern can I quickly remind you of the PG-13 rule
lilac lantern
Thanks for the reminder
fair adder
oooo
void rivet
can i remind u all that im eating a original curry pot noodle rn
pure beacon
Sounds nice tbh
mellow bough
That sounds delightful
void rivet
it is
lilac lantern
Indeed
void rivet
it really is
lilac lantern
I have a strongbow dark fruits
brazen cloud
solid pot noodle choice
fair adder
thats what she said
void rivet
i got a full cupboard of pot noodle
stable narwhal
lilac lantern
Ayyyy
fair adder
i never remember
gusty cradle
lilac lantern
fair adder
lilac lantern
π
pure beacon
void rivet
gusty cradle
π€¦
lilac lantern
hahaaa
stable narwhal
Can the 3 of you make a private chat to have your little spat please?
lilac lantern
Nah I'm good
fair adder
ok everyone thats here what box was the first hardest you've ever encountered?
void rivet
when is the next new box coming out
lilac lantern
food
fair adder
@stable narwhal was that a box?
void rivet
i mean, imma say pain cause i havent tried pain yt
lilac lantern
Pain is easy
stable narwhal
KOTH specific or in THM?
gusty cradle
Multimaster from HackTheBox was pretty difficult to solve
lilac lantern
koth I would assume
fair adder
koth specific
lilac lantern
Multimaster from HTB was pretty hard
@gusty cradle what she said
terse willow
Oi
fair adder
@lilac lantern :mad:
stable narwhal
@lilac lantern again PG-13
terse willow
^^
lilac lantern
What. How is that not pg-13
terse willow
Put it this way, would you say it to a school teacher?
void rivet
ye
lilac lantern
I've had kids younger than 12 saying the F bomb mate
fair adder
ok guys only boxes that you've already done on KOTH only
lilac lantern
yes I have
void rivet
100%
fair adder
from hardest to easiest
stable narwhal
"that's what she said" is obviously an intended innuendo
grand ember
ok maybe the other way:
should you say this to a teacher
fair adder
No nsfw references @lilac lantern
lilac lantern
Okokok bbz
void rivet
"that's what she said" is obviously an intended innuendo
@stable narwhal pg 13 pls
lilac lantern
I'm sorry β€οΈ
fair adder
Or innuendos
terse willow
I've had kids younger than 12 saying the F bomb mate
@lilac lantern That is not the point. We know children swear a lot
fair adder
ffs
native plume
Language dude.
gusty cradle
^
void rivet
^
fair adder
for free souls
lilac lantern
I haven't sworn π
brazen cloud
It's just stirring the pot at this point...
lilac lantern
JESUS
fair adder
ok name your boxes from easy to hard everyone
lilac lantern
damn do emojis count towards pg-13?
fair adder
void rivet
change subject now
terse willow
^^
lilac lantern
Need more windows ones
terse willow
New Koth boxes will be out at the start of the month
lilac lantern
for sure
fair adder
tomorrow
winter nest
@fair adder where did you hear that
fair adder
in my dreams
brazen cloud
lmao Para
fair adder
Not with that attitude
lilac lantern
It might be now he said it
Not with that attitude
@fair adder That;s just antagonising
weary kindle
Wait, we're releasing them tomorrow?
lilac lantern
Stop
fair adder
Koth boxes will likely come out the first week of May
weary kindle
I best get started then 
terse willow
I mean, that should be one of them at 20% conversion.
void rivet
@weary kindle hehe
fair adder
Shoulda been called Jammy @terse willow
terse willow
Not exactly ready to come out yet π
lilac lantern
I still need to make my windows box
fair adder
it should of been called @lilac lantern
brazen cloud
quick Optional's asleep release koth boxes
stable narwhal
quick Optional's asleep release koth boxes
@brazen cloud Finally get the upper-hand
fair adder
@brazen cloud optional keeps one eye open and never sleeps
gusty cradle
@brazen cloud Nah check the mentors lounge
fair adder
He has koth notification hard wired into his alarm
brazen cloud
LMAO
fair adder
or it should of been called @pure beacon
grand ember
brain-koth interface 
brazen cloud
@fair adder dude stop antagonising...
lilac lantern
π
terse willow
Then everyone here is in dire danger of getting a mute...
Dispel the tension, put a filter in between brain and keyboard. Don't send anything that's likely to annoy or antagonise people
It's really that simple
fair adder
@fair adder a community mentor, and ones who recommendation I will fully take if he says to mute/ban you
brazen cloud
just a THM user mate
terse willow
That, for the record, is a prime example of antagonistic
terse willow
Enough @lilac lantern
That's a warning now -- you've been told a few times
fair adder
You would be wise to quit while your ahead @lilac lantern
lilac lantern
So I'm not entitled to an opinion anymore? Man this place was cool at the start of the year.
For those that I have offended I am sorry, but if you can't take a little light hearted banter then I do apologise.
Reasonable enough?
fair adder
You could litterally not do a simple apology without adding a snarky remark
native plume
sighs
lilac lantern
And for those that have an issue, please.. Do join voice channel.
fair adder
they dont want your apology
native plume
Enough!
lilac lantern
If you see that as snarky then that's your misinterpretation
winter nest
Please just ban him already....
lilac lantern
Done.
stable narwhal
Not too sure if this is a message for #544951750801752079, from the previous convo someone mentioned about learning and getting started with KOTH, would it be beneficial to have KOTH categories such as New/Chilled -> Experienced/Go Hard - Similar to profile levels
terse willow
I think there was talk about that @stable narwhal
lilac lantern
I would agree for that
brazen cloud
Yeah I remember talks about it - scaling with your profile level but wasn't quite sure where it ended up. Definitely a nice idea!
lilac lantern
But how would one define easy etc?
Different people are good with different styles of hacking
I for instance hate WEB.
stable narwhal
Most of the time, I don't think Profile Ranks correlate to KOTH ability, it may be nice to have for new-comers to have an enjoyable environment to get comfortable with new boxes etc...
dapper escarp
Easy attack vectors with clear path to execution
lilac lantern
I think you'd find that'd create more subcategories than anything
dapper escarp
compared to harder boxes that are more obscure to root
stable narwhal
Easy attack vectors with clear path to execution
@dapper escarp This and other players
grand ember
binex to get root 
lilac lantern
Isn/t that what private rooms are for?
Most of the time, I don't think Profile Ranks correlate to KOTH ability, it may be nice to have for new-comers to have an enjoyable environment to get comfortable with new boxes etc...
@stable narwhal
request that newbies join a private game etc?
But even newbies on THM could be pen testers in real life so
gusty cradle
Heap overflow for foothold and root π
lilac lantern
It's hard to differentiate between the skill levels.
stable narwhal
But even newbies on THM could be pen testers in real life so
@lilac lantern "I don't think Profile Ranks correlate to KOTH ability"
native plume
Heap overflow for foothold and root π
@gusty cradle Nah, heap overflow for foothold and n-day exploit for root.
dapper escarp
Heap overflow for foothold and root π
@gusty cradle who hurt you?
gusty cradle
π
fair adder
You have a sick sense of humor but I like that about you @gusty cradle
native plume
lol
weary kindle
Egghunter, @dapper escarp will love it...
lilac lantern
@lilac lantern "I don't think Profile Ranks correlate to KOTH ability"
@stable narwhal Slightly snarky but I'll let it pass. But doesn't that dismiss the whole KOTH subject?
stable narwhal
@gusty cradle is a madlad
lilac lantern
You have no idea whoo you're up against
brazen cloud
Mhm yeah I somewhat agree
dapper escarp
It's not wrong
native plume
just die
@dapper escarp Didn't you said "They're not that bad" few days ago lol.
dapper escarp
the statement holds a lot of weight, no one knows how they will react when suddenly they are being shell killed or spawned into a terminal parrot
lilac lantern
I know for a fact if I join a room with @dapper escarp I'm leaving
brazen cloud
It's a fine mix between being put up against someone whose better then you, then someone whose waaaaaaay better
fair adder
ayye @dapper escarp wassupp
stable narwhal
You have no idea whoo you're up against
@lilac lantern Why I put it here first for discussion rather straight to Ideas
dapper escarp
heap exploits are horrible
native plume
I agree.
lilac lantern
The thing is, now people are making automated scripts
for these rooms
So that';s you screwed anyway
brazen cloud
You don't learn if you're against people of the same skill, but also don't learn if you're against someone who can root it in 5 because they're just very good
lilac lantern
agreed
dapper escarp
I mean
native plume
Heap overflow on windows box @dapper escarp
lilac lantern
How do you define the fine line?
dapper escarp
I get called out for scripting when I don't use them
and usually have proof of that xD
lilac lantern
Just memorise the box
dapper escarp
^^
lilac lantern
And do what you need.
fair adder
:nice @dapper escarp yes that was me my Bad GG
brazen cloud
Certainly worth a discussion as @stable narwhal suggested. Perhaps it'll sort itself out kinda once the new features are being implemented
lilac lantern
We do, so we know how to get king asap
OR those that watch peoples streams know the rooms
So newbies technically but are fully aware of the entry points
stable narwhal
@brazen cloud whoo, basically suggesting it because that's how I feel when playing lmao
weary kindle
I'm working on a new implementation with random everything, it just takes a lot of time to develop alongside everything else
brazen cloud
yeah totally! @stable narwhal
weary kindle
Plus Runescape has cost me at least 5 days in the past week
brazen cloud
lilac lantern
Oh god still on that RS hype π
dapper escarp
people who watch my streams don't know the rooms
brazen cloud
never left π
dapper escarp
they just know my preferred exploit path
stable narwhal
people who watch my streams don't know the rooms
@dapper escarp Can confirm haha
lilac lantern
Man I talked to you guys like january you were hard on that hype
grand ember
we don't watch the streams for koth/boxes, we just bully him
dapper escarp
which is usually ssh through a memorised password into a low hanging priv esc
weary kindle
Hype train stops for no man nor woman
lilac lantern
@dapper escarp Can confirm haha
@stable narwhal I could search the stream right now and learn the way in
dapper escarp
I mean at this point I don't play koth as the only boxes that interest me are offline and tyler
brazen cloud
I'm there for the poki dono's
weary kindle
Learn a way in
dapper escarp
You'd be hard pushed, again I only get shrek/space jam on stream
lilac lantern
then watch 4 other people
lilac lantern
It's just my 2 cents is all guys
dapper escarp
or in the chance I recognise someone who autopwns I whip out my pwn
weary kindle
Bearing in mind we put about 3-5 initials in each box and most people only ever use one
brazen cloud
yeah totally @lilac lantern π valid points nontheless!
dapper escarp
I think the only time people may have learnt a box is when I did panda for the first time
because I literally hunted for all possible ways in and their priv escs
lilac lantern
I'm one of those, okay .. Good idea, but what about this, this and this etc. Always think outside the box (no pun intended)
winter nest
I wish there was a way to submit boxes to be used in KoTH
lilac lantern
There is....
dapper escarp
@winter nest contact one of the admins
winter nest
oof
lilac lantern
I'm still working on my first box
winter nest
I dont have a box ready, but would love to make one
lilac lantern
'Serve me the shell
but my upload failed 4 times
So I gave up
Will re-do probably next month
New machine coming.
winter nest
I assume if I make a box then I'll make mutliple initial entries and multiple priv esc.
lilac lantern
yes
winter nest
like 3 to 5?
lilac lantern
If possible, multiple entries are the way forward
But, please make sure it's tested all the way then ask others to test too
Mine only has one way atm
Due to the nature of the exploit
brazen cloud
I can't quite remember the stipulations for KOTH box development
winter nest
If you remember send them to me
terse willow
@winter nest At least 4 entry points, 4 privescs and 4 flags
Admins have to approve an initial plan for it
quiet schooner
There's a lot more guidelines that help make it fun and replayable
dapper escarp
poki worship koth room inc π
brazen cloud
kekw
quiet schooner
Wasn't that Pain?
winter nest
@quiet schooner how so
brazen cloud
give them an inch they'll take a mile
quiet schooner
@winter nest avoiding passwords etc as once you've played the box you can record those for next timw
terse willow
(Or autogen them -- which is what mine is doing)
winter nest
Yeah I figured
dapper escarp
he needs to make an entire room dedicated to her :Kappa:
@grand ember you best know when that dono goal hits we doing the "HELP POKI FIND HER FEET" room
for the memes
grand ember
yeah lmao
stable narwhal
@grand ember you best know when that dono goal hits we doing the "HELP POKI FIND HER FEET" room
@dapper escarp You need help haha
stable narwhal
It's changed you
grand ember
well you did this to chat and then chat did this to you 300 times
dapper escarp
yeah I get shafted by it every stream now
Gesus is usually one of the first saying "poki"
stable narwhal
KOTH stream tonight?
lilac lantern
+1
grand ember
:pokiW:
grand ember
inoculation, not koth
dapper escarp
keep going back and reediting it as I finish each box
it is inoculation before koth tbh
stable narwhal
Oh of course, the report
dapper escarp
If I get it done at around 7 I'll likely stream after
but won't be anything official
stable narwhal
Ayy
dapper escarp
might just chill and watch poki
stable narwhal
it is inoculation before koth tbh
@dapper escarp A cheeky 60 points
Needs to be more
stable narwhal
Could have a point multiplier per flag based on difficulty - Extra points work too
dapper escarp
x1.5 medium x2.5 hard
stable narwhal
Yeah something like that
dapper escarp
would be hard to balance
and require striker reviews of rooms to determine difficulty
quiet schooner
Also just using the bonus points system would do it
stable narwhal
Also just using the bonus points system would do it
@quiet schooner not all harder rooms have extra points though
grand ember
people vote for difficulty -> average difficulty * fixed point amount
my suggestion
stable narwhal
Inoculation being the best example
quiet schooner
Yeah but using the extra points system
stable narwhal
Yeah, easiest way to do it
dapper escarp
bonus points are a poorly implemented system
flat multipliers on difficulty would be easier implementation
stable narwhal
Borderlands was ridiculous
void rivet
optional how was ur OSCP
terse willow
And by that you mean, what, exactly @vale summit?
vale summit
we was just playing xD
terse willow
Unless they're breaking the rules, that ain't enough for a reset
nova tide
https://busybox.net/downloads/binaries/
@dapper escarp i have been looking for those for like 2 days now. Thanks
dapper escarp
I gotchu
full grove
nova tide
Reset? and start again?
void rivet
@lusty portal any idea when thm is gonna have merch??
i wanna buy some when i get paid aha
fair adder
A swag shop is coming out soon @void rivet
void rivet
Goood
nova tide
reset? @stiff egret
stiff egret
m bad with panda
nova tide
oh ok
stiff egret
this is my first machine of panda
nova tide
if anyone of you knows about port 3306 and have spare time anytime teach me β€οΈ
stiff egret
The best friend after books is google.
~ Mr.Holmes
dapper escarp
3306? That's a mysql port?
stiff egret
3306? That's a mysql port?
@dapper escarp No its where the webpages load π
dapper escarp
3306 is default mysql and without looking at a scan would be a default guess
stiff egret
[pun was intended]
nova tide
3306? That's a mysql port?
@dapper escarp it is
@nova tide https://tryhackme.com/room/25daysofchristmas
@quiet schooner have that on pending.. doing koth since a couple of days.. started it and then paused
quiet schooner
There's content in there for mysql
nova tide
https://www.sololearn.com/Course/SQL/
using that as well
you shared that last night
oh ok
i will do that one for sure then.. after fasting
distant flint
how do you guys go about getting the flags?
rancid pewter
Good luck
lilac lantern
Cheers pal, you too. Go easy on me π
rancid pewter
Let me finish my new script ...
lilac lantern
..
rancid pewter
@lilac lantern Did it work ?
lilac lantern
I cannot swear here.
#Leaving
gg wp
Mate everything is automated on scripts man what's the point π
rancid pewter
What ?
lilac lantern
You've used a script yeah?
quiet schooner
Let me finish my new script ...
@rancid pewter I assume this message
lilac lantern
π€
rancid pewter
But to prank people it a script
quiet schooner
You can get really fast on some KoTH boxes
lilac lantern
I know, got all flags and king in 7 minutes π
wish I had a physical VM of kali
rather than teamviewerd on
or a physical kali machine lool
lilac lantern
Considering I manage the devices.
vernal gust
that's even worse
quiet schooner
Then you can get admin
lilac lantern
Nope, not allowed to install any applications at all.
quiet schooner
Use that work money, get yourself a cheap thinkpad or something
quiet schooner
"Everything is temp" is just a metaphor for life.
lilac lantern
ryzen 5 2600X, 32 gb ram etc etc
vernal gust
still not a good security practice to put VMs on your work laptop π
lilac lantern
Therre is no VM on my work lapptop
vernal gust
it's just a statement not relating to you directly, i'm just saying it's not a good idea
lilac lantern
Meh fair enough.
LOVE that you can start a new game before your other one ends.
Kinda funny π
quiet schooner
You can play a few at once
harsh obsidian
primal stag
^^
harsh obsidian
gg
void rivet
Can't wait till the swagshop comes out
nova tide
no one playing koth?
primal stag
gg @harsh obsidian I fell asleep after like 20 minutes π
void rivet
anyone up for a game
void rivet
stiff egret
@void rivet You playing?
void rivet
yh but im already in 2 game aha
stiff egret
haha
void rivet
ill send u a message when im done
stiff egret
βοΈ
stiff egret
which box?
void rivet
prod
i dont like doing it
cause ik it
and ik not to use any cheesy scripts on this box cause it just boots u out lol
stiff egret
i was trying somehow to find how it knows about cheese and disable that
void rivet
im looking thorugh it now
completely locked hte machine off
so no one can get on it
so im just freely looking around
lol
i just took a look inside chattr, u can delete the text inside that kicks u out
void rivet
yh exactly
im currently in 2 prod games
feels bad man
locked everyone out of both of them
void rivet
lol
stiff egret
I get root, then set up a monitor system, so if I see really good players in lobby then I use defences, otherwise, most of the time, It's them trying to fight against my scripting skills.. @void rivet
void rivet
aha yh
like i just got the box tyler
got king and completely locked the box
now i just sit back
wait for my next game
stiff egret
ππ
See, we are actually supposed to do that, but now it feels bad considering if others are tryin to learn.
void rivet
but if u know how to do everything and ur locking the box for no reason
stiff egret
Actions Justified
void rivet
then ur just saddddd
stiff egret
That's pointless
void rivet
i probs use it 1 or 2 times, while im getting rid of keys and passwords
stiff egret
Lmao
void rivet
xD
stiff egret
Did you got nyaned by myDonut?
void rivet
i havent played with him yet
stiff egret
That was a hell of a close fight.
Beaware
If he's in lobby, shit's about to get real
No mercy
void rivet
oh lol
stiff egret
Yeah
void rivet
oof
stiff egret
No wifi since lockdown
stiff egret
Set it lower, I'll be able to watch next time, I said same to optional
@void rivet Serviceman won't come.
Sed_lyf
void rivet
oof
im just happy my wifi is working
i have data
but that only goes so far
i got 25GB data
stiff egret
im just happy my wifi is working
@void rivet you should be
Bc I know how painful it is
Anyway, try setting the video quality to optional
quiet schooner
Edit yes if that's the patch. Delete no. If it's food, that's a really terrible patch. @void rivet
nova tide
almost done with all rooms except pain and production.. in pain just got 3 flags and in production tried alone game just got all flags couldnt privesc so gave up.
3 minutes left to start if someone wants to join in ^^^
pain it is ^^^
stiff egret
nice work @nova tide
nova tide
i am late i was doing pain as well
nova tide
xD
nice one changing lsattr
i wonder if its a while loop running thhat i cant seem to find
stiff egret
who is b3y0nd in my koth queue
@spice crown he is beyond your reach lmao
spice crown
niceeeee
stiff egret
nice one changing lsattr
@nova tide didnt
i wonder if its a while loop running thhat i cant seem to find
@nova tide neither
nova tide
well wasnt able to use it unless replaced it
stiff egret
nice idea btw
stiff egret
who have that python script running?
@nova tide Not me
nova tide
come back?