so you shot the right one
#koth
sudden axle
somber agate
Nice hahah
sudden axle
btw did you have a script that rewrites king.txt?
i've noticed that the king.txt would constantly be blank and then populated with your name
but couldn't find a cron
somber agate
Not really a script, it was a binary
chilly sandal
he chattr it correct?
stable horizon
Don't need cron to run a script on a loop, you can just have a delayed loop
quiet schooner
I need to put GCC on the box one day
sudden axle
ye, thats a fair point kris
chilly sandal
yea even with the pasta hint still got nothing π
somber agate
Having while loops in your bash can be killed with your bash instance, mine stays up even after I get kicked of the box
sudden axle
@quiet schooner on food?
stable horizon
just waiting for more than 0 people to join my koth
Though actually it's easier with nobody except me, nevermind
quiet schooner
@sudden axle I made Hackers and Food
somber agate
@stable horizon Im here B)
sudden axle
i compiled a c file on the box
stable horizon
Dang.
sudden axle
with no problem
weary kindle
Food definitely has gcc
quiet schooner
GCC would make it more spicy for Dan
ah interesting
Oh I know why
Dan, so do you
weary kindle
It also has kernel headers kekw
somber agate
@stable horizon I'm not gonna do a 1v1 sorry bud
quiet schooner
@weary kindle OpenSTMPD
hasty narwhal
who's up for a koth?
fair adder
me
spare scroll
anybody awake and down to play koth?
gusty cradle
@spare scroll Yeah, I joined π
spare scroll
thanksπ
gusty cradle
Yay, we got spacejam
spare scroll
seems like a cool box
hollow stone
is it normal for koth machines to stay active after koth is over?
nova tide
Hackers got fixed yet or not?
brazen cloud
Hackers has been patched if that's what you mean @nova tide π
nova tide
Hackers has been patched if that's what you mean @nova tide π
@brazen cloud nah, last night there was no port 80 π
brazen cloud
Oh that's interesting - has the port moved perhaps?
nova tide
no, Ninja closed it while fixing the instaroot π
I broke the webserver patching the instaroot
^^^
nova tide
ohk
stiff egret
admin for fortune?
stiff egret
chattr on king file is legit right?
sonic pecan
hi
stiff egret
Can anyone please clear this, I am having a fight with someone over this.
chattr on king file is legit right?
@stiff egret
stiff egret
I tried making them see sense. A screenshot from official MOD would help
stiff egret
I am on the side saying chattr and changing the password of users are allowed.
stiff egret
That'll do, Thanks
quiet schooner
@stiff egret
quiet schooner
The underlying policy with patching is "Would it impact legitimate users of the box?"
Like if you take down a webserver, that's a no go
Killing services that could be avoided... No go
nova tide
if only people start reading the rules before playing the game instead..
world would become a great place
blissful frigate
Scripts that automatically hack and/or harden the machine are forbidden
So no metasploit?
quiet schooner
You're allowed msf
somber agate
Anyone up for a game?
https://tryhackme.com/games/koth/join/ac3783852876864c677383c2
Starts in 15 min
dapper escarp
@blissful frigate this is the sort of thing that's banned
blissful frigate
@quiet schooner msf being msfvenom?
quiet schooner
msf being metasploit framework
dapper escarp
that, given you are on shrek./ Will auto harden donkey and also give root callback
within the first 3 seconds of ssh being open
blissful frigate
Root callback?
dapper escarp
You gain root shell instantly
nova tide
you sure? ^
sudden owl
not really
maybe port 5000 but I dont really get how to patch it without dropping the service
somber agate
π
somber agate
We killing shells already bois?
lavish elm
@hasty narwhal u here?
nova tide
LOL reset? when i opened terminal it said session closed
i left the game thought its GG
π
somber agate
You patched shrek, donkey, and puss, no shit there is a reset
You added a second account so you could reset the box by yourself? That's just sad
Is this even allowed?
quiet schooner
@somber agate You are allowed to patch all the vulns
somber agate
yeah but adding a second account to control the resets
stable horizon
I'd ban them, that should be against the ToS
quiet schooner
@lusty portal Opinion?
somber agate
I can't imagine that that is allowed
I'm quiting this game, I don't like this
Now, every time I get root and he can't access the king.txt anymore he just resets and tries to lock me out
nova tide
Everytime? i did once coz i had no idea there was a reset
coz when i got back you were already king your root account was in etc/passwd
changed passwords for all
so i wanted a reset as well
somber agate
Is that a reason to cheat a reset?
quiet schooner
Reset is meant for when someone breaks the box
Or cheats.
Not because someone patched it
nova tide
i patched everything in the first time
was in VC in General
and all of a sudden theres a reset
nova tide
well as the Ninja said reset is for breaking the box that i didnt
so you reset it
then i reset
and now you reseted once more but i still got root
somber agate
It wasn't just me who reset it, but it was just you who reset it
somber agate
But whatever, if you want to cheat like that, sure go ahead but I'm not playing against you anymore
stable horizon
@terse willow, if you don't mind, what's your opinion on banning them for breaking what probably should be in the ToS in the first place?
terse willow
I've been working on dev stuff. What's the issue?
somber agate
Someone used a second account to be able to reset a koth box by themself
terse willow
That does strike me as being somewhat unfair.
It's the site, so that's Skidy's remit.
@lusty portal, if you get a sec, what say you?
(Might be worth explicitly making that clear in the rules, if it's something to be avoided)
stable horizon
I meant from the discord, but the site would be convenient too
terse willow
Not much point in banning someone from Discord if it's a site rule that was broken π€·ββοΈ
stable horizon
Fair fair
Still better than having somebody who's just going to cheat in the community though
neon sleet
@stable horizon Even if the user was banned from the site, as you've witnessed. He has a second account.
winged charm
I feel like doing it in order to progress the game isnt necessarily bad like one time I accidently DoS a machine... oops but the game just couldnt go on because there werent enough reset votes so I think in that case it shouldnt be bannable but if youre doing it to get an unfair advantage thats when it should be against the rules I think it should be up to the discretion of the moderator of the game
neon sleet
The way to handle the situation, in my opinion, is to state the rules to him.
He claims he didn't know he was breaking them.
somber agate
I don't think he should be banned, but I do think this should be very much against the rules
neon sleet
Totally agree with that ^
Very unfair.
Throw it in #544951750801752079 and maybe they will add it as a rule!
quiet schooner
It's exploiting the system
Skidy is likely to make a rule for that
Seeing as I found a way to exploit the system and that became a rule
terse willow
I pinged Skidy -- with any luck he'll get back when he gets a second π
nova tide
π
quiet schooner
@stiff egret Did you get that exploit working?
lusty portal
Reset is meant for when someone breaks the box
@quiet schooner Yeah I agree, I'll add the KoTH rule to 'One user per game (no alt accounts)' and 'Only reset if the box is broken'
stiff egret
@stiff egret Did you get that exploit working?
@quiet schooner Well, I think I should DM you about that.
quiet schooner
@stiff egret Go ahead
nova tide
@quiet schooner Yeah I agree, I'll add the KoTH rule to 'One user per game (no alt accounts)' and 'Only reset if the box is broken'
Thanks
I wanna know which exploit you guys are talking about π₯Ί
somber agate
@quiet schooner So in a koth game, if a box has been fully patched, the game is just over?
somber agate
Otherwise the game is just over after 5 min if someone has already done the box before (which is very likely)
brazen cloud
The chances of that'll become less and less frequent as the pool expands
Besides resetting the box in that case will only extend the game by 5 minutes
stable horizon
@lusty portal
terse willow
Why ping Skidy?
quiet schooner
@stable horizon ?
stiff egret
Anyone playing?
stable horizon
Might've not noticed your ping
stiff egret
π
nova tide
@quiet schooner while fixing instantroot did you made some changes to the way to get into production?
nova tide
oh thats what i wanted to ask ^
quiet schooner
That was never the intended
I still have a script that gets me fast root, but it's not instant any more
nova tide
well idk the way about instant root but thats the way i got production
quiet schooner
Well congratulations, that makes you a hacker π @nova tide
That was an unintentional vuln
brazen cloud
feature not a bug ^^
quiet schooner
I wouldn't have fixed it if it didn't make it instantly rootable
nova tide
so thats what you added?
if (token === undefined || token === "")
stable horizon
Somebody needs to make a list of common linux processes, and you can compare it against the output of PS to see if somebody could be running a looped script to erase king.txt and put their name in it
nova tide
i think token ==="" wasnt there before?
quiet schooner
@nova tide It was
nova tide
ohk
stiff egret
Somebody needs to make a list of common linux processes, and you can compare it against the output of PS to see if somebody could be running a looped script to erase king.txt and put their name in it
@stable horizon peeps have that,(including me) but 1. no one uses it unless its pro game, its like one time thing, you use it once, everyone know what it is. So unless its a some sort of prized game, peeps dont use their best.
stable horizon
right right
nova tide
π
[STATUS] 41.39 tries/min, 1283 tries in 00:31h, 14343116 to do in 5776:01h, 4 active
quiet schooner
RIP
nova tide
20 minutes left lol still cant get anything π
stiff egret
RIP
||@quiet schooner What if the autogen picked the last password of rockyou?||
quiet schooner
It won't
stiff egret
It better not lol, imagine someone getting the pass at 58 minutes lol
terse willow
Yeah, it's pretty easy to restrict, don't you worry
quiet schooner
Go faster with more threads
stiff egret
4 aint enough?
quiet schooner
SSH doesn't like lots of threads tho
quiet schooner
4 is the recommended for SSH as some distros have brute force protection
nova tide
whats the limit for threads?
stiff egret
nice edit
quiet schooner
Well they weren't specific
The limit is "Turn it up until you start getting issues"
nova tide
imma start from the opposite end.. keep turning it down until you stop getting issues
stiff egret
Imma watch the movie Hackers tonight. Recon level 9999.
quiet schooner
It's a good movie
nova tide
It containts the password for root
quiet schooner
You not dumped shadow yet?
stiff egret
It containts the password for root
@nova tide Reported for spreading life threating rumours.
nova tide
Did
but was facing issues to use hashcat
i think i shared a screenshot here somewhere
quiet schooner
@nova tide Not an error
quiet schooner
It would have attempted to crack the passwords
stiff egret
Why the flags are not autogen randoms?
quiet schooner
Then you're doing something wrong
nova tide
now using -t50
[STATUS] 757.86 tries/min, 5305 tries in 00:07h, 14339102 to do in 315:21h, 50 active
imma watch TCM till then
stiff egret
LOL, only 50?
nova tide
Nahamsec*
stiff egret
I thought your plan was to start from last value π
spare scroll
kinda sucks that i am not really good enough do play koth cuz it is really fun π
harsh obsidian
gg @pure beacon @stable horizon @distant flint
stable horizon
except not really because i did basically nothing and instead blew $10
harsh obsidian
except not really because i did basically nothing and instead blew $10
@stable horizon What do you mean did nothing?
harsh obsidian
I did nothing
@stable horizon How did your initial nmap go?
stable horizon
Did my initial scan and got ssh and abyss, only exploits I could fine were to send a payload over to the server but that required local input
And the only abyss web server exploits I found that I could use were for overflowing the buffer and crashing the server
harsh obsidian
Next time you play Food, check out what's on the higher ports.....I always check non-standard ports in a browser and manually with telnet. You get a lot of weird and good stuff there....
stable horizon
Probably, my network is really bad so it takes about 30 minutes to scan more than 10000 unfortunately
harsh obsidian
It definitely shouldn't take that long. What command are you using?
stable horizon
I always use sV and O for service versions and OS detection
harsh obsidian
Do the RP: Nmap room ( https://tryhackme.com/room/rpnmap )
And then watch "Advanced nmap with Viss" on Hak5 ( https://www.youtube.com/watch?v=7XMIFTRiAGA )
Between the two, it should give you a great, fast, default nmap to run...
stable horizon
Kali on an eHDD
harsh obsidian
Kali on an eHDD
@stable horizon That's surprising. I run kali in a VM and it's speed is pretty damn good.
quiet schooner
Kali in a VM works fine for me
stable horizon
Really it's my internet, it's pretty crap (1 MB/s)
harsh obsidian
Really it's my internet, it's pretty crap (1 MB/s)
@stable horizon Even that low, you should be okay with just nmap..... hmmmmmm....
stable horizon
They sold my desk, but I would move it back otherwise
And yes, for some reason I really am using an eHDD
harsh obsidian
Can you run VirtualBox on your machine?
stable horizon
On my actual Hard Drive? I mean yeah
harsh obsidian
On your laptop/desktop
stable horizon
The transfer speed isn't an issue though, this is actually much better than the Hard Drive I have in my system
spare scroll
can anybody give me a hint for fortune?
harsh obsidian
can anybody give me a hint for fortune?
@spare scroll I haven't yet played Fortune, sorry
spare scroll
okay, thanks anyway π
brazen cloud
Itβs against the spirit of the competition regardless
spare scroll
ahh allright
harsh obsidian
Itβs against the spirit of the competition regardless
@brazen cloud Hints to get someone on the right road I think are good, we're all here to learn / practice / have fun. But to flat out give an answer or a command, definitely not okay.
spare scroll
i am not looking for a writeup but a hint cuz it have been 30 minutes and i got nothing
brazen cloud
Absolutely :)
@brazen cloud Hints to get someone on the right road I think are good, we're all here to learn / practice / have fun. But to flat out give an answer or a command, definitely not okay.
@harsh obsidian Absolutely π
I haven't touched a koth box since beta test oof
pure beacon
@harsh obsidian sorry for destroying your shell, couldnt find your script
quiet schooner
nova tide
Finally Hackers in a public game:
https://tryhackme.com/games/koth/2269
distant flint
Guys how do you stop people from accessing the ssh when your in
distant flint
Passwords
quiet schooner
Or keys
distant flint
Ye if you change it the people who are already in stay in
So how do you get rid of them
somber agate
Kill them.
distant flint
XD
quiet schooner
No that was serious
distant flint
ty
onyx spade
gg @nova tide :D
proud moon
Writeup @nova tide
quiet schooner
?
harsh obsidian
@harsh obsidian sorry for destroying your shell, couldnt find your script
@pure beacon No worries. I'm glad I was able to hide it well. Mind if I DM you?
nova tide
Writeup @nova tide
@proud moon whatup?
harsh obsidian
gl @distant flint
nova tide
gg @nova tide :D
@onyx spade well i had to leave for fasting, i had the password for one user at that time. GG though
proud moon
Hey...could you give me a walkthrough of the challenge...I'm still a newbie at this @nova tide
fair adder
thats against the rules @proud moon
proud moon
Ok
quiet schooner
Writeups are not against the rules
fair adder
is not? @quiet schooner
quiet schooner
Read the rules.
fair adder
oh ok well then
stable horizon
To combat the NMAP lag, I suppose I could technically use a Kali Box on the site
While, funnily enough, using Kali at the same time
stable horizon
Oh come on Westar, I was distracted
somber agate
Nothing is patched, and I'll keep it that way
stable horizon
Fun, but doesn't that take the fun of the sense of risk from the other players?
Eh, I'll just go grab my Kali box's IP and SSH into that so I can get to work
Is there any way of accessing it other than the room?
somber agate
I don't get what you mean
stable horizon
On what part
somber agate
But I don't like patching vulns, come join me on my box and let me have some fun with your pts
Like the first and last sentence?
stable horizon
I don't care if you patch or not, I was joking.
But outside of the Kali room, is there an easy way to deploy the box?
somber agate
Deploy what box?
somber agate
Oh, uhm idk, I don't use that
quiet schooner
It's in the kali room
That's how you deploy VMs on THM
VMs belong to rooms or KoTH
stable horizon
Right right but I was just checking if there were any other way of deploying it so I didn't need to go there
somber agate
No?
stable horizon
hm ok
quiet schooner
That reminds me, I need to try something next time I play KoTH
somber agate
What html page are you getting?
stable horizon
Literally every html page just says Westar in the source
Well, every page I pulled with the spider
somber agate
Are you scanning port 9999?
somber agate
Because that is the port how thm knows who is king, that has my name because I'm currently king. There is no vuln there
quiet schooner
There might be a vuln, I wrote the code for at least 3 of the boxes in rotation (for the king server) and we all know how that goes
somber agate
oh boi
quiet schooner
If there is, the code is open source so you aint gonna gain anything by directory bruteforcing it
somber agate
Where can I find that?
stable horizon
Well in all fairness, I'm dumb
quiet schooner
@somber agate Open source, written by me. Should be enough for you to find it
Extra hint, which you can get from the box
It's go
somber agate
Aight, got it
stable horizon
Can you immediately win KotH by shutting off all the services running on the ports, and killing all the processes of users on the server?
stable horizon
hmm mmm m i wonder who posted that
nova tide
Hey...could you give me a walkthrough of the challenge...I'm still a newbie at this @nova tide
@proud moon
stable horizon
Now I do the most fun part
Sitting in agony waiting for the server to start
6 minutes in, still broken
Restarting fixed
Anybody got some good stories?
nova tide
i would recommend watching Hackers 1995 movie in the mean time
stable horizon
Maybe rewatch Wargames
nova tide
Dont tell anyone but it contains the password for root π€«
stable horizon
Hmm
I probably chose the wrong username
But it's not like there's an easy way to enumerate usernames
nova tide
well you got two of em that would be enough.
stable horizon
I have none of them, I just found the login and presumed the username was admin
nova tide
you ran nmap scan right?
stable horizon
Yeah, everything closed
What the? Only 1000 scanned? Shit I forgot to put in the -p-
nova tide
also put -A or -sC and -sV if you like
nova tide
just for reference there's nothing else on higher ports so 1000 are enough
stable horizon
Remind me the tmux shortcut for copy mode
nova tide
<prefix> + [
stable horizon
Got it
Somehow my first scan completely missed the important ports
Oh
That's useful
Well back to waiting for hydra with a new user
To be frank I could probably use a much smaller wordlist than rockyou
stable horizon
nova tide
@brave pilot @stable horizon Good luck
nova tide
didn't get to read it
stable horizon
ha
nova tide
π
stiff egret
@quiet schooner Can I DM?
quiet schooner
Sure
dapper escarp
π
@nova tide if you have valorant installed. Exit vanguard and it will work again
quiet schooner
Ah, my favourite kernel level malware anticheat
nova tide
Had no issues like those. No i dont have valorant @dapper escarp and i tried opening and closing it multiple times times still didn't workded @fair adder . Idk what was the issue, just restarted the pc and it worked
quiet schooner
@stable horizon Good luck. Good idea.
hollow stone
@stable horizon i see you had about as much luck as i did π¦
stable horizon
If I were on a desktop if would be easier
hollow stone
probably, this way seems awkward
stable horizon
Some of the pages when curled were throwing errors, so I'll do another box when I get back
Oh yeah, is there any hint I can get for Hackers?
I just want to know if the goal of the unspecific form is brute force or if it's another method
stable horizon
That there is
But I didn't want to say it was a hidden page on the site, so I was unspecific
I have the usernames, but do I need to brute force the password or is there another way
stable horizon
I just wanted a yes or no answer
quiet schooner
@stable horizon Key part of hacking is trying things and seeing if they work
stable horizon
I'd rather not keep trying things that are never going to work
tacit vale
Thatβs literally part of the process.
stable horizon
That's fair
I spent each of my last sessions in Hackers with hydra, and it never finds anything with most ||common password lists||
tacit vale
So maybe look elsewhere. If brute force isnβt your way in, maybe thereβs something else.
quiet schooner
Or use a better wordlist
And make sure you have the usernames correct
Different services often use completely separate login systems
No reason that a valid system user is a valid website user
LDAP is hard, but that's a way that you could sync the two login sets
stable horizon
I'll just put up a private server and keep working
Oh crap you're right, I've been using a user I grabbed from a different server, I'll try it on the server I grabbed it from in the first place
Damn I'm an idiot
lusty portal
https://tryhackme.com/games/koth/2301 First Lion game:)
stable horizon
Good luck, but I have no doubt you'll do good
stable horizon
Am I allowed to make a second account so I can have a practice KotH game?
Or is that against the rules
quiet schooner
@lusty portal Was there a final policy on this?
stable horizon
I know you can't use it as an unfair advantage like how Naughty rigged a reset
But I'm just practicing for when it's time for an actual game
quiet schooner
Yeah that's why I'm asking skidy
stable horizon
Right right
harsh obsidian
w00t, it's Lion time! (Please be nice @somber agate )
terse willow
I have a feeling the decision was that it's not, because it gives people a chance to practice/write autpwns in a zero-risk environment
quiet schooner
@terse willow however now foodctf exists as a standalone for writeups
terse willow
'tis true, but so far it's the only one
stable horizon
That's fair, I'll go see if I can grab somebody to join it for me
Is that allowed? Is the issue in having an alt or is it in practicing?
terse willow
James makes a valid point in saying that write-ups are allowed now, so, good question.
My personal opinion would be that neither are particularly fair (especially given that the skills can be learnt on boxes that you won't be in competition over), but if one of the admins says otherwise then that's what goes
quiet schooner
@terse willow We haven't had an official judgement
terse willow
Exactly so ^^
harsh obsidian
@somber agate, that's not nice...
spare scroll
how often will it be added new machines to koth?
stable horizon
every month maybe?
terse willow
There should be new additions to the pool each month
Although it looks like they're also being released throughout just now
The push for us to make them is certainly at the end of each month, ready for the next one
spare scroll
ahh, great!
stable horizon
Time to roll my roulette dice and see if I get the right machine so I can test out my idea
terse willow
Lovely -- we have an official judgement π
stable horizon
On which part
quiet schooner
@stable horizon Two accounts
stable horizon
Sweet
quiet schooner
inflate those sign up numbers
stable horizon
ah yes nothing like more user data
somber agate
I may have found an issue with the Lion box
Who do I need to contact
@quiet schooner ?
somber agate
Can I dm you about it, to see if it is intentional?
harsh obsidian
gg!
quiet schooner
@somber agate I know nothing about that box
somber agate
@harsh obsidian GG!
Aight, I'd like to talk with someone about it, I found an instaroot
quiet schooner
@lusty portal Who made this one?
stable horizon
holy crap i finally got a flag
harsh obsidian
holy crap i finally got a flag
@stable horizon Congrats!
somber agate
@stable horizon Ayyy gj!
stable horizon
I was kind of hoping the password for donkey in shrek would be the same as the Shrek box from HTB
quiet schooner
Nah different box
harsh obsidian
lol
stable horizon
Yeah ik but it would've been a good callback
rancid pewter
@somber agate Join public KOTH I need a revenge
quiet schooner
Read the rules and it says how to report
terse willow
Email koth@tryhackme.com for reports
brazen cloud
Email koth@tryhackme.com with the Username and your game id π (in the url)
terse willow
And preferably read the rules ^^
somber agate
@rancid pewter Nah, I'm done with koth for today lmao π
lusty portal
@lusty portal Who made this one?
@quiet schooner I designed, Zayotic madr
@somber agate DM me:)
Might be a little slow at replying, at my parents:)
Will be back at it tomorrow
dapper escarp
Fortune private game as don't wanna see Prod again https://tryhackme.com/games/koth/join/b473d445848c9e312f567bf0
14 minutes eta
rancid pewter
GG
harsh obsidian
Has anyone found the eighth flag on Panda? This is driving me nuts
dapper escarp
That last flag has evaded me since the first time I did that box
That being said I couldn't find the 7th flagthat time π
harsh obsidian
lol
floral kernel
@humble breach gg
burnt depot
@floral kernel well done! that was my first game ever... i got gloria first lol
burnt depot
i was so close with the upload form
humble breach
But did you use auto script to put your name in the king.txt ??
floral kernel
Hunting the king hhhhhh
burnt depot
then getting forbidden and yall were way ahead lol
floral kernel
@humble breach local one liner
terse willow
It is
terse willow
It is allowed
humble breach
It's my first time on try hack me
terse willow
Welcome π
burnt depot
omg what have you done to the poor cms
astral belfry
If anyone wants to check out Lion:
https://tryhackme.com/games/koth/join/655cc35bab0173cd399fb65f
floral kernel
blissful knoll
Just watched somebody play LION, I got some learning to do!! LOL
floral kernel
lion is easy
blissful knoll
for some yes for some that are noobs (ME) no not yet
stable horizon
Kinda lost past User
On Hackers
Any tips? I'm currently grabbing PEAS
Shoot, times up
stable horizon
I'm lost
stable horizon
@fair adder Who made Hackers?
stable horizon
Ah
fair adder
why?
stable horizon
He better not find himself in a dark alley
fair adder
I see
stable horizon
Right, @crude meadow?
fair adder
Is it hard
stable horizon
No it shut off when we were figuring it out
fair adder
@quiet schooner
stable horizon
What do
@quiet schooner Can I DM you with pained noises of a request for help?
@fair adder Do you have any experience with this box? I seriously need just a tiny hint
fair adder
Nope@stable horizon
stable horizon
Thanks for considering
quiet schooner
@stable horizon you'll only get generic help, like everyone else does
high anvil
is it possible to play by myself at koth?
glossy vessel
it is required to have 2 or more players to start the game
quiet schooner
however Skidy has said that having an alt to play private games is allowed.
high anvil
@quiet schooner thanks man for the i nfo, going create my alt account
pure beacon
Down for development?
pure beacon
Ah, ok. Ty
stable horizon
To be fair I only really need generic help
quiet schooner
Well, go ahead then
stable horizon
Before I go, what do you define as generic help
stable horizon
Ah okay
Yeah I don't really need help like that, I'm kinda just confused what I can use with an elevated ||openssl||
stable horizon
I'm aware
quiet schooner
That's the hardest privesc on the box.
stable horizon
I know about the reverse shell, but when running under sudo it only gives me the user?
quiet schooner
Yeah, you need to break down that command from GTFOBins
You call /bin/sh as your user, and just use the binary for IO
quiet schooner
@stable horizon GTFOBins isn't that helpful for this, and that was intentional.
quiet schooner
You need somewhere between a little and a lot more knowledge to use it (compared to what GTFOBins gives you)
fossil jackal
Hi xD
β
terse willow
??
latent hearth
stable horizon
yayy i did it
i got into the other account in hackers
Now just pivot to root somehow
any starting point tips?
floral kernel
have anyone rooted Tyler? i have a question
fair adder
@floral kernel what's up? no spoilers
floral kernel
@fair adder can I PM?
fair adder
sure
void rivet
nova tide
Wait, i thought closing port isn't allowed???
spiral sand
sure isn't allowed
nova tide
so why is port 3000 closed in this game?
nova tide
i voted for the reset ,but someone else also joined in
nova tide
Done
quiet schooner
3000 can be easily fixed without a reset, I'm pretty sure
spiral sand
how ?
quiet schooner
It's nodejs IIRC
spiral sand
okeh how
quiet schooner
You have to understand the vuln
fair adder
the whole point of that service is RCE. how do you "patch" that? changing the parameter name isn't a patch because it doesn't close the vulnerability. can that just return "This service is disabled" and never execute client input?
icy cave
well that went horribly π€£
quiet schooner
@fair adder Remove the RCE, leave the port open
Service is then patched, but still running
fair adder
ok, so just always return "This service is disabled" or something
quiet schooner
I mean it removes the vuln
nova tide
Site is ded
fair adder
@quiet schooner thanks, i'll do that next time
quiet schooner
@stable horizon It's evaluated every minute
stable horizon
Been about 7 minutes
nova tide
the last game that i joined had the same issue, i ran my bash loop but it didn't changed king
nova tide
even only my name was in king.txt
its working in a private game but not sure why wasn't working in last game ^^^
stable horizon
yay
stable horizon
I broke my reverse shell, rip
onyx comet
oh god, it's Chara
mystic bloom
How many flags does every box have?
jovial dune
someone will play koth soon ?
hollow stone
@jovial dune i'm in the public one that starts in 3 minutes
oh poo, it's the windows one, i know next to nothing about that π¦
jovial dune
ee windows
stable horizon
@hollow stone DM me an invite
hollow stone
i really hope someone is messing with my remote desktop session and the connection isn't supposed to be this wonky...
well, this was the most annoying experience ever π¦
stable horizon
Are people allowed to delete basic files? Like sudo and find and ls?
Is that against and rules? Because somebody just did
terse willow
That's fine
quiet schooner
@stable horizon You can get them back if you're smart about it
dapper escarp
Kris
stable horizon
Kros
dapper escarp
I'm just gunna point this out here. You can get static binaries for all of those
try harder
stop moaning
good night
quiet schooner
@stable horizon Also if that's foodctf, there's a good chance that that was just the way the box was designed
Low hanging fruit, designed to be annoying to use
stable horizon
I mean it isn't too hard, just gotta add /usr/bin to path
terse willow
Are you still getting the wall @stable horizon?
quiet schooner
@stable horizon Pls remove image and report pts/1 to koth@tryhackme.com
terse willow
I was going to try for the IP, but yeah, just report pts/1 and maybe the time stamp?
quiet schooner
@terse willow I mean tracing it to the IP is better
@stable horizon But pls remove image
terse willow
@stable horizon Could you send an invite to that box please?
stable horizon
Sry
quiet schooner
@terse willow hmu if you need creds, I got root creds for it
terse willow
I was literally about to do that James π
dapper escarp
KING OF THE HILL JUST LEVELED TF UP
stable horizon
oh my god this hurts me
why is the shell always slowly deteriorating, first no backspace then no cursor
now not even a username
at least it was fun
for a few seconds
brazen cloud
Thanks for reporting the behaviour of that certain spoil sport.
stable horizon
my eyes are very pain from trying to read the screen
brazen cloud
Yeah...No place for toxicity like that...
stable horizon
No just the bad deterioration of the UI
stable horizon
weak haven
lol joined this game a little late
harsh obsidian
https://tryhackme.com/games/koth/join/108698be79fab246b64ff0c6
@burnt depot gl
burnt depot
make it seem so simple but then... wtf
weak haven
well then i guess im a little not great lol
quiet schooner
@stable horizon you only found one route
weak haven
but learning is fun
quiet schooner
And it took you a loooong time to find it
quiet schooner
Yeah until someone patches it. Which you can do super fast.
weak haven
aaaaand times up
burnt depot
gg π
burnt depot
man i feel like i was so close to something, but no dice
stable horizon
that was fun
weak haven
i just found a login and then time ended lol
harsh obsidian
gl @burnt depot ghannett hopefully hackers comes back up; I've got a LOT of work to do on there... π¦
burnt depot
agreed. gl 2 all
harsh obsidian
@harsh obsidian with the skyrocketing score lol
@weak haven lol. I keep my notes so I don't make the same mistakes again. I finally found the final flag though, than $diety!
- thank $diety
burnt depot
i just dont see my way in yet. more minimal that the others i've done so far
harsh obsidian
i just dont see my way in yet. more minimal that the others i've done so far
@burnt depot Ports 15065 and 16109 have http servers. dirb works well here....
burnt depot
;p ok.. nice
weak haven
yah gotta work on my sql stuff a ton lol
harsh obsidian
gg all!
weak haven
i think im addicted lol
stable horizon
nova tide
So easy
@stable horizon which way you found? through which user i mean
stable horizon
For?
nova tide
hackers
harsh obsidian
brittle merlin
Anyone trying https://tryhackme.com/games/koth/2477
hollow stone
@brittle merlin not right now, but I got that one a few days ago, seemed harder than the other ones I tried
brittle merlin
I get redirected to panda.thm and it doesn't seem to load up.
got valid creds for user but it doesn't let me log in
sonic atlas
did you add it to your host
brittle merlin
in /etc/hosts?
sonic atlas
ye
brittle merlin
nope, can you tell me how?
hollow stone
just opening the file and copying what the examples there are doing should work
brittle merlin
I tried, doesn't work. Tried reconnecting to the vpn as well
fair adder
Saving panda.thm to your known hosts doesn't work?
brittle merlin
let me try again
fair adder
I think the actual web page that displays that hostname is supposed to stay as such
brittle merlin
Yeah what do I add there? The entire url to the page or just the IP?
fair adder
IP usually
brittle merlin
Yeah, it worked. Thanks
high anvil
Hi @somber agate may i ask some question for box hacker?
stable horizon
you can ask me
icy cave
can someone give me a nudge on spacejam? now on my 4th go and still no shell.. dont think i understand nodejs correctly
somber agate
@high anvil Ye you can DM me if still needed
stable horizon
Too bad James isn't here, that would be great
pure beacon
@stable horizon Can i dm you?
stable horizon
Sure
hollow spoke
@stable horizon may i pm you with a question regarding koth hackers ( 2nd user) machine ?
sonic pecan
hii
grand ember
stable horizon
Yes
stable horizon
@willow silo Can I join your game?
burnt depot
so many places to put files... but where do they gooo lol
harsh obsidian
any1 got a game going i can join? 25min wait
@pure beacon Got about 17 minutes remaining on the clock
https://tryhackme.com/games/koth/join/c75e3a184f2a77ab1514bbc7
harsh obsidian
Starting in 7 minutes:
https://tryhackme.com/games/koth/join/e84d954c3520d9b3f8439336
quiet schooner
I've reported it in bug submissions
stable horizon
well ill take the win
harsh obsidian
Thats odd, i didnt see anyone else in the room at all
tacit vale
I literally clicked a link once and was granted a KOTH win. Never played a match in my life.
harsh obsidian
I literally clicked a link once and was granted a KOTH win. Never played a match in my life.
@tacit vale Did you get the badge for winning?
stable horizon
I got it added to my streak, it was counted
harsh obsidian
tacit vale
I didn't get a badge. But got the win screen.
harsh obsidian
Odd
latent quest
@tacit vale Seemed like it took a bit for it to show up for me. π€·ββοΈ
tacit vale
April 23rd. So I've given up hope on my unearned badge.
winged charm
Ive won a koth match too and never got the badge
harsh obsidian
April 23rd. So I've given up home on my unearned badge.
@tacit vale ?
Ive won a koth match too and never got the badge
@winged charm That's surprising. If you have the game number, I'd suggest pinging one of the Admins....
stable horizon
Same happened to me, I presume you need your name in the file at the end and not just the highest point value
stable horizon
ah k
quiet schooner
I have it, and I've only won a public KoTH
Contact skidy, he'll give you the badge
harsh obsidian
22 minutes until start: https://tryhackme.com/games/koth/join/7756a4a7a16ebaf888562ada
fair adder
weak haven
are there decoy king files?
harsh obsidian
lol, no. I haven't seen any decoys
weak haven
gg to you too lo
lol
i tried to put my name in but it wouldn't update to the scoreboard
harsh obsidian
<evil grin>
weak haven
i was so happy when i found it lol
then all of a sudden i read it again and @harsh obsidian is back in the damn file
harsh obsidian
lol. feel free to PM me as to how you got it. maybe we can talk a bit
stable horizon
oh god did you use chattr again
harsh obsidian
............................................................................................................................maybe
weak haven
you'll quickly disband that team lol
i'm still learning my way around different techniques
fair adder
@harsh obsidian you are evil
stable horizon
He is, but he's my fren
last ether
I have a question for koth
Is it ok to edit the sshd_config file in any machine once you have root?
last ether
Or is that against the rules
Is it ok to edit the sshd_config file in any machine once you have root?
@last ether
I'm not terminating the service
stable horizon
Ok it's fine then
fair adder
my personal opinion : its not
glossy vessel
read the rules
making machine unavailable for others is against the rules
patching vulnerabilities or changing ssh port is fine
last ether
But there are other ways to get onto a machine?
stable horizon
There's always multiple
last ether
And I'm not terminating the ssh service
glossy vessel
thatβs good
last ether
Only allowing certain users to log in
That's fine no
That is what security is after all. Isn't it?
last ether
That tooπ
glossy vessel
so that getting user becomes fairly useless
last ether
But you never know when someone else finds something you haven't
glossy vessel
yup, thatβs the point of the game
last ether
So the technique mentioned above is fine right?
glossy vessel
anytime 
weary marten
how many flag are there on spacejam?
fair adder
if you still have the room up, mouse over the flag icon
the hover text will tell you the number
fair adder
welp
high anvil
if you wanna know how many flag total each box? just put your cursor mouse on "flag icon" beside flag submission. they will tell you how many flag that you need to obtain
brittle merlin
Any hints on food?
glossy vessel
@brittle merlin look for all open ports
and check if there are any interesting files on them
last ether
Any hints for hackers
quiet schooner
Enumerate harder
last ether
I able to find only two flags lol
Should we actually watch the Hackers movie from 19s
fair adder
i mean, you could just beat on the box, but you won't really appreciate the work that went into it
quiet schooner
It's a KoTH box
It's designed to be beaten on
There's lots of doors
Find them, open them
finite turret
Guys one question ....... Do every machine have more than one way to break in
fair adder
i heard rumor that there's at least 4 ways to break in, on every machine
finite turret
Ok....
high anvil
@quiet schooner can i dm you?
finite turret
Did space jam .... it seems really easyπ
nova tide
@finite turret try Hackers next π
stable horizon
π
fair adder
ugh... not looking forward to going head to head with you @nova tide
get spanked every time
nova tide
i cri π’
fair adder
well at least you showed some emotion!
nova tide
I'll beat him for you
@stable horizon π
stable horizon
Send me an invite when have chance
terse willow
@fair adder Keep it PG13 please π
stable horizon
Damnit is relatively PG13, but that's about the limit of it
fair adder
btw what does chattr do? and how do you use it in koth?
quiet schooner
@fair adder Probably a chattr on a loop
gusty cradle
@fair adder chattr -i /path/to/file && rm /usr/bin/chattr
nova tide
(i am not even root)
stable horizon
Yeah that's what n0beard tends to do to me
nova tide
@fair adder
chattr -i /path/to/file && rm /usr/bin/chattr
@gusty cradle let him google?