after that u cant ever unset the attributes?
#koth
quiet schooner
You can
stable horizon
He doesn't have to google, people are just allowed to refuse help
quiet schooner
Copy a new chattr binary over
gusty cradle
^
quiet schooner
I got a spare one here for ubuntu 1804
gusty cradle
Statically compiled chattr binary
terse willow
Just thinking actually, would it even need to be statically compiled if you only deleted the binary and not the underlying libraries? Probably not, if it was the same version as the deleted one?
Probably safer to just use the statically compiled one though π
fair adder
one could also use python to chattr... https://www.tutorialspoint.com/python/os_chflags.htm
quiet schooner
@fair adder Oh cool, I couldn't find that system call last time I looked
stable horizon
What machine are we talking about
nova tide
Panda*
fair adder
i thought panda was 10x easier than spacejam... still bashing my face against that one
dapper escarp
Spacejam is the easiest in pool
fair adder
@quiet schooner apparently chflags() has issues on linux. I've tested this and it works: https://stackoverflow.com/a/36274086
oh @dapper escarp thanks for making me feel like a dummy. problem for me is everytime i am on that KOTH, i end up getting work phone calls or wife agro... lose all my time to poke at the sytaxx to do what i am sure i need to do
quiet schooner
Oh yeah that's what I found in the end I think? @fair adder
stable horizon
Spacejam is the easiest in pool
@dapper escarp
Food is even easier, just telnet, log in, edit sudoers, su, done
dapper escarp
and spacejam is literally run ?cmd=python -c "import socket, etc etc and root
tell me instant root shell isn't easier...
one step root vs like what 4?
stable horizon
Gonna try to do it from an ssh phone app
So my fact of being level 8 is a bit handicapped
stable horizon
private or public
weary marten
public
stable horizon
ok
weary marten
so...which box gonna pop up? any guess xD
weary marten
ohh shit
stable horizon
ez
weary marten
ty xD
stable horizon
so like i took out all the suid programs i saw on gtfobins, that should slightly help me
stable horizon
It's not
weak haven
who killed ssh
weary marten
sad
stable horizon
I didn't kill it, I'm connected over it rn
weak haven
lol don't disconnect
stable horizon
Ok I was right, it was just the netcat listener
Yep, that should be everything sealed up
weak haven
lol nice @stable horizon
stable horizon
just running some flag finding commands
weary marten
ggwp
weak haven
if you find one, let me know
stable horizon
hi
gg
I'll log back in through ssh to see if its down
...
# exit
# ^C
# ^C
# exit
#
It's not letting me exit the root shell
Ah yep connection refused
Not my doing, saw some bash_history of somebody modifying the service
jovial dune
dapper escarp
@fair adder Instead of hitting my DMs without permission how about you ask here. Maybe @quiet schooner will help you seeing as it's his box.
stable horizon
Which box
lone reef
..
stable horizon
...
fair adder
I asked for a sanity check that a box didnt need to be brite forced via a dm
quiet schooner
@fair adder Please don't DM users without checking if it's OK first, this is Rule 1 here.
fair adder
As he reminded me then blocked before i could apologize
Thought that since he has flagged me in a convo here earlier I could ask for a sanity check, I misunderstood
nova tide
Thought that since he has flagged me in a convo here earlier I could ask for a sanity check, I misunderstood
@fair adder if you ask here no one will mind answering you. Its a rule for a reason because some people dont like DM.
fair adder
https://tryhackme.com/games/koth/join/c067f2d7bf4c9c46cc3d3ef6 cool game yes yes very cool come play with me
stable horizon
ok
nova tide
nice myDonut is here π
just woke up and gonna play tetris first thing in the morning π
rancid pewter
Nah I just need to compile something on the box
Unless you really want to play tetris ?
rancid pewter
That perfect Space Jam a box without gcc
quiet schooner
@rancid pewter Static or get a box with the same OS and libs π
nova tide
no point in killing shells in space jam unless you patch the ways to get in
stable horizon
tbf that was me
stable horizon
did i tetris anyone
rancid pewter
Nope you didnt put full path
stable horizon
ah i forgot the ./
grand ember
nova tide
π π
weary kindle
I might have something like that in the works
grand ember
you have something like that in the works
rancid pewter
Easy win on tetris
stable horizon
Hmm I should up the difficulty
weary kindle
you have something like that in the works
@grand ember how do you know about my secret plans
grand ember
because you told everyone about them already
also your status on discord few days ago
quiet schooner
weary kindle
I need to start work on it again
rancid pewter
Want to hear an horror story, I finished my rootkit today...
weary kindle
Did you enjoy your time deving it?
grand ember
does it have pacman instead of tetris?
rancid pewter
Nah it just to get king
quiet schooner
It plays popcorn, because it's kernel level
rancid pewter
@weary kindle It a real pain to use undocumented function
grand ember
kernel level noot machine 
rancid pewter
I just need to compile it on every KoTH kernel
weary kindle
The only feature I've tested live in mine is persistance.
I know Food and Prod have the kernel headers on them
quiet schooner
...you can patch that without closing it reeeee
nova tide
you have said before but someone closed it π
so just making sure if its against the rules or not?
quiet schooner
It is.
rancid pewter
The only problem with my rootkit is once it started you CANT do anything to get king.
grand ember
@rancid pewter even another kernelmod? 
nova tide
the max i touched the king was cat king.txt
quiet schooner
@rancid pewter I could get king, but not by the KoTH rules.
rancid pewter
@grand ember Yeah but verify specific function
@quiet schooner What does that mean
quiet schooner
That'd be telling.
stable horizon
im confused
hey wait thats what screen did? neat
well i mean if it did do that at least
nova tide
rancid pewter
Anyway that I can have the kernel header of all KoTH box ?
nova tide
full grove
happy one liner for y'all
for LINE in `cat fqdnInScope`; do ping -c 1 $LINE | grep data | cut -d '(' -f 2 | cut -d ')' -f 1 >> ipAddressesInScope.txt; done &```@rancid pewter Most of them are ubuntu 1804
full grove
reads a list of hosts from a file, pings them, extracts the IP address
stable horizon
Gonna head off from this match, gg Donuts
nova tide
so closing port 22 is allowed? π
rancid pewter
@quiet schooner But they got different kernel version
nova tide
not sure how the rules work
stable horizon
It's not
quiet schooner
So dump version for each
rancid pewter
@stable horizon GG
stable horizon
No making it impossible to access ports
quiet schooner
Compile with headers
quiet schooner
@stable horizon That aint the rule
nova tide
so if its against the rules whats next?
stable horizon
Lemme grab the rule
nova tide
@stable horizon That aint the rule
@quiet schooner ?
stable horizon
"The machine should not be made unavailable (shutdown, firewall rules to stop all communication, all services terminated, machine botching etc..)"
nova tide
go and move ssh onto a different port
@full grove oh ok
quiet schooner
The rule is that you can't close services
You can patch them so that you can't exploit them to gain access
That's allowed
rancid pewter
@quiet schooner That going to take a long time and a lot of private game
full grove
nothing about restarting a service to allow it on a different port 
nova tide
in this game port 3000 has been closed for some time until i asked here
and then reopened ^
nova tide
No idea what would that be but ok
nothing about restarting a service to allow it on a different port :4head:
@full grove V
full grove
V
nova tide
ok so the game ended.. can someone help me understand what am i missing about which port ssh was running on?
nova tide
Umm i am king
golden vapor
Gg
near sphinx
did you close the easy port? @nova tide
nova tide
did you close the easy port? @nova tide
@near sphinx ??
which port?
i didnt close any
near sphinx
nvm its just my nmap haha sorry
nova tide
π
near sphinx
gg
nova tide
GG
fair adder
Hey I'm looking for someone to chill and do some koth games with
I don't think I'll ever be king but
I'm still down to try
stable horizon
Sure, I'm down tomorrow
fair adder
Alright bet
stable horizon
I would rn but I'm gonna head to bed once I finish this school
raw bear
https://tryhackme.com/games/koth/join/41a9b6a2b5a1bb57c415f90c 2mins to start if anyone wants to join
raw bear
Yeah, I thought the same then u joined @stable horizon
nova tide
i am late but lets see
raw bear
yeah ig haha
stable horizon
I always win
golden vapor
GG I got stumped π€
stable horizon
I literally did nothing after the first 5 minutes
golden vapor
I noticed haha
stable horizon
I STILL WON
coral maple
lol
stable horizon
so iuhhhhhi so uh
golden vapor
I put the peices together, I just need to try harder* and figure out how to execute them >:V
nova tide
...
nova tide
what would happen if someone would reset the machine now π
stable horizon
They'd better not find themselves in a dark alley, I can say that much
nova tide
i dont wanna play tetris
stable horizon
its too late for excuses now
$6$CMJF8CIY$aq3ycncJkhhTa6h6vgec5Dr53cKJmQ.9Fa.7ZceaolrIr0B5DDKHZfV97GI0puAfrD.hCt0ZOBqtbt/RT/1TV.
stable horizon
i see a pattern
brittle merlin
Any hint on where the 4th flag on Production can be?
brittle merlin
Production again? π
weary kindle
Good, 'twas designed to be so
severe orchid
koth anyone? Link -- https://tryhackme.com/games/koth/join/3a41dea9a970787b24b7317a
full grove
y'all clearly haven't played offline 
old shore
so can you not use a Denial Of Service attack on any room?
brazen cloud
Absolutely not @old shore
nova tide
ofc not
old shore
ok
brazen cloud
Any form of DoS against anything on TryHackMe is strictly prohibited
including other users π
jaunty sparrow
i thought that was just common sense xD
stable horizon
Good morning!
nova tide
i thought that was just common sense xD
@jaunty sparrow it wasn't a rule before so people get confuse
Good morning!
@stable horizon Evening
jaunty sparrow
ahh @nova tide i didnt know that im quite new to tryhackme
nova tide
welcome to THM, have fun
jaunty sparrow
thank you π
tardy gull
Hey! Can someone dm me explaining how we're supposed to escalate offline? I got the krbtgt hash and tried a golden ticket attack but it didn't seem to work
severe orchid
nova tide
Hey! Can someone dm me explaining how we're supposed to escalate offline? I got the krbtgt hash and tried a golden ticket attack but it didn't seem to work
@tardy gull (ik it gonna sound like i am a total d*** but)
tardy gull
oof I've booted the same box 4 times now lmao just want answers
nova tide
Well its koth box no one is supposed to answer you how to simply root a box
dapper escarp
vague prairie
pure beacon
lol
nova tide
i wonder if thats @pure beacon
severe orchid
dapper escarp
Rank means very little in koth
nova tide
i forgot i joined it
stable horizon
I really don't care atm, I'm just working on a room
nova tide
Rank means very little in koth
@dapper escarp says #15
stable horizon
I'll root myself eventually
dapper escarp
Iβm not great at koth by any means
nova tide
i am almost done
severe orchid
anyone knows how to priv esc from gloria in the lion machine?
dapper escarp
Thereβs a number of ways
stable horizon
I dunno, but you should probably check find / -perm /4000 2>/dev/null and sudo -l against gtfobins
severe orchid
k, thanks a lot
is there any way to run sudo -l without knowning the password
i got in through the n******o rce
stable horizon
Ah it depends on if the user is allowed to under sudoers
somber agate
Koth is a complete seperate beast from the thm rooms, I agree that ranks don't mean anything in koth
nova tide
I want to ask a question regarding sshd_config file. Can i dm someone?
i want to try something but thats not working so was wondering how that works
quiet schooner
The documentation for it online is excellent
nova tide
oh my bad
i forgot to restart the ssh server
lemme see if that works.. i think it should
oooh it worked..
nova tide
@tardy gull @worldly igloo can someone share invite link?
worldly igloo
nova tide
np
stiff egret
Anyone up for KoTH?
nova tide
yas
stiff egret
Ah, I see you rooted hackers
harsh obsidian
Hey I'd love to join
@stable horizon https://tryhackme.com/games/koth/join/d6aa5c234840e83e234af6b9
stiff egret
ETA?
nova tide
no point joining in @stable horizon
stable horizon
excuse me there's always a point joining in
nova tide
prod and gcrawford patched, even if you have time to brute force
i can give you password if you wanna try?
quiet schooner
@nova tide DM me your patch for production
harsh obsidian
prod and gcrawford patched, even if you have time to brute force
@nova tide Did you change the rcampbell password or does it rotate?
harsh obsidian
lol
stable horizon
Do SSH keys shift?
stable horizon
Are there ever any patterns
stiff egret
I am gonna make a git repo for this patch:
This is my patch:
rm -rf --no-preserve
stable horizon
Is there even another way to get in
gusty cradle
@stiff egret The correct command would be: rm -rf / --no-preserve-root
quiet schooner
You're allowed to patch all the ways in
stable horizon
That wasn't the question
quiet schooner
There's more than 2 ways in
stable horizon
I've been enumerating it for about a week now, I've only ever seen the use of one way
stiff egret
@stiff egret The correct command would be:
rm -rf / --no-preserve-root
@gusty cradle Thanks!
quiet schooner
@stable horizon Then you haven't found much
stiff egret
Although not gonna verify it.
nova tide
@stable horizon join?
stiff egret
sure as hell m not playing a windows box.
stable horizon
ez
stiff egret
The only thing stopping my response to that is PG-13 cate of this channel.
stable horizon
I try to make it sound easy so people try and fail at it, easier to win for me
quiet schooner
stiff egret
I have owned all machines except Hackers and offline.
stiff egret
Nah, Want to figure it out myself, its fun,
I can help you with that
@stable horizon
stable horizon
DM me what you know so far, I'll see if I can give you any tips working forward
quiet schooner
@stiff egret The cheatsheet is figuring it out yourself
stiff egret
Exactly.
quiet schooner
Ah right I misunderstood
stiff egret
The fun is when the command works just when I am about to break the laptop.
So far so good.
stable horizon
Ah that's fair
Frankly I'd just be giving you the easiest and, debatably, most boring method
stiff egret
easiest and boring, ah reminds me of my github lol
quiet schooner
My motto is "Pointless, but cool"
nova tide
My motto is "I wont do it. if i have i to do it, make it quick"
stable horizon
My motto is "Get it done, get some rest"
high anvil
My motto is "I wont do it. if i have i to do it, make it quick"
Oreki motto , classic
stiff egret
If It can be done tomorrow, Don't do it today.
high anvil
wait what
stiff egret
π€£
nova tide
if it can done tomorrow Do it romorrow
high anvil
if can be done tomorrow, do next month
stable horizon
If it can be done tomorrow, just don't think about it in the first place
high anvil
oof
somber agate
if it can be done, don't.
stable horizon
At least Westar is thinking outside of the box
quiet schooner
Life is short. Take a nap.
stable horizon
If it can be done, stop writing inspirational quotes and go start doing it
full grove
@stiff egret here's a hint: theres a direct way to NT AUTHORITY thats not EB :D
but you gotta enumerate properly
quiet schooner
The "0day"?
full grove
No-p-
somber agate
Yo guys of game 2774, goto the index of the webserver
bronze valve
What does it mean when it says you have to he an intermediate to play koth
full grove
and update your rank from beginner to Intermediate or above
it'll be under the About You tab
floral kernel
Panda machine is weird... Interesting!
harsh obsidian
24 minutes until kick off:
https://tryhackme.com/games/koth/join/b44e7fef0e584dac2f721fdc
floral kernel
I'm in
floral kernel
Please be Tyler or Panda π
stable horizon
Offline is pretty easy too
It's literally a vulnerability that takes seconds to crack
harsh obsidian
GL
brazen cloud
hf lads!
stable horizon
unfortunately i dont know how to do lion
rancid pewter
It perfect it got gcc onto it
quiet schooner
@floral kernel Filtered doesn't mean closed
floral kernel
yeah sure
quiet schooner
Filtered means your connectivity is probably dead
floral kernel
don't think so π
quiet schooner
@floral kernel Filtered means it didn't get a RST
Connection between you and the box is likely dead
So your VPN
pearl gladeBOT
TryHackMe
quiet schooner
Also you're only scanning top ports
stable horizon
True
floral kernel
port 80 should appear there but it didn't
filtered also means, fw filtered
anyway
quiet schooner
@floral kernel Filtered means it didn't get a RST
That can be because there's a firewall filtering them, or you're not connected properly etc
floral kernel
tbh idc, i planted my backdoor, but he sure bought some time by fw filtering my ip to close everything
anyway
guys please follow the rules!
now its closed
ssh
rancid pewter
Stop killing shell just want to try something for the last 8 mins
floral kernel
@harsh obsidian nice cheats, fw blocking ips, stopping services and such, good job
severe orchid
koth? 24 min till start : https://tryhackme.com/games/koth/join/5cb50a0915b5450129c15f38
rancid pewter
So how is the rootkit ?
coral maple
:/
coral maple
gg
solemn ferry
yo
lilac topaz
@solemn ferry Yo
glossy vessel
fair adder
hey swafox im in
glossy vessel
nice
glossy vessel
nice bruh
fair adder
glossy vessel
closing connections huh?
fair adder
is that okay?
weary marten
any nudges on hackers?
glossy vessel
umm yeahhh, but not cool
fair adder
oh
fair adder
so i can kill it?
glossy vessel
^^^
quiet schooner
And there are better ways to patch
terse willow
If that's killing terminal sessions, then yeah, it's allowed
quiet schooner
Like. Actually patching.
glossy vessel
i did patch on my side so idk
fair adder
@quiet schooner idk how im looking for that now lool
quiet schooner
You gotta understand the vulns
fair adder
bruhh someone set pass to ashu
glossy vessel
π
glossy vessel
while i patched the ftp stuff and suid
fair adder
i wanted to lock hem up when i kill hes session to get hem out of the way while im fighting with you
but it appears he owned us LOL
glossy vessel
but i am still a king lol
because i hid a script which automatically writes my nickname to the file
fair adder
and i was wondering why.. cleaver way lol
glossy vessel
mhm
but the script's name is pretty obvious so it can be easily found
i don't want to make life harder for people
fair adder
well me neither i was just testing does sudo kill work ... but really wanted to kill other guy's session but he was automaticly creating it again or something idk
this is more stress in 20 minutes then league of legends and csgo combined
fair adder
lol
rugged pumice
@fair adder the 'other guy' is probably running reverse shell somewhere, which explains why he creates a new session so easily. Find it and kill that process
fair adder
i can't im going to store now lmfao
im trying to bruteforce skidy's password
maybe that will save me lol
rugged pumice
good luck with that π
glossy vessel
you were quick lol
fair adder
yeah well i runed
glossy vessel
ahhaha
rugged pumice
there are multiple way that you can get it, it's not only ssh
glossy vessel
what did you buy
fair adder
booster
glossy vessel
booster?
fair adder
its energy drink
glossy vessel
it's useless basically
rugged pumice
you can,
but what if the password is: ritgmg439t2mf32fk
it will take VERY LONG time
glossy vessel
yeah obviously
fair adder
well then this guy pwned us
rugged pumice
ashu's password is not the only way you can get in
rugged pumice
idk about you, but ||9001|| looks interesting
golden vapor
π
fair adder
hmm
it kinda works
but at the same time it doesn't
okay im gonna do some enumiratior
glossy vessel
smb is also available
icy cave
9001 wokrs fine
fair adder
yah but what can i do with smb
glossy vessel
enumerate and access a share
severe orchid
anyone got any idea how to privesc in lion
nova tide
quiet schooner
@severe orchid https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Linux - Privilege Escalation.md
icy cave
how many ways are there to get a foothold on hackers?
quiet schooner
At least 3
nova tide
@sullen hound just ping me here if you want anything
sullen hound
ok
nova tide
ok now you can DM me xD
icy cave
@quiet schooner can i DM?
quiet schooner
@icy cave I can't promise I'll answer the questions
dapper escarp
Would be a nice implementation to have a Ready up button once everyone is ready it starts in 60 seconds
stiff egret
yeah
quiet schooner
Rather than the votestart that was suggested...
stiff egret
idc anything to skip this wait will do. :/
dapper escarp
The 60 seconds once everyone would allow last minute joins to increase to max capacity
stiff egret
not streaming today?
cinder obsidian
wats ur youtub
dapper escarp
cinder obsidian
do you do bug bounty work?
and if i get good in these boxes, can i do bug bounty work, realistically?
or need up my levels?
dapper escarp
I'm probably one of the worst people to ask about bounty work, I occasionally attempt them but when I start hitting a hardened target I go to shit.
Honestly if you push yourself enough you can move into bug bounty for sure, it's more a mindset and a mental block than anything
fair adder
https://tryhackme.com/games/koth/join/5453fe735fab4764c58ad105 15 minutes till start room: food
brazen cloud
Gl @dapper escarp in koth :>
dapper escarp
Gunna get destroyed
vague mason
lol
quiet schooner
Hackers scared them.
peak steppe
@stiff egret That was an intense one, wasn't it?
stiff egret
Thats a dick move
putting up loops to just urandom on every IP other then your is really low graded.
stiff egret
With great power comes great responsibility
stiff egret
This peeps need to know that. making a loop to auto kick anyone other than you is a ULTRA NOOB signature.
stiff egret
If no one can get it, the victory is pointless.
stiff egret
peak steppe
In fairness, you did have the last 10 minutes available to do something
stiff egret
And in all fairness for other players (to try to play) I didnt change any password. I have one liners to do that. But If you don't let anyone get in the ring, then It wasn't much of a fight is it?
peace.
quiet schooner
Scripts that autoharden the box are explicitly banned, remember @stiff egret
spark holly
Just completed a koth challenge and connected to a share (no username, password) with an executable .bat file that would give the user running it king... just wondering if it's possible, any exploits or anything, to be able to somehow run commands on the remote machine without having been logged in, or get anywhere close to doing such a thing? I was connected using smbclient and I was able to get as far as downloading and upload files
quiet schooner
@stable horizon SMB can run commands
spark holly
@quiet schooner how would you do that?
I found a bunch of usernames and passwords, tried using ssh and ftp, tried brute forcing, but nothing
quiet schooner
stable horizon
Really? Thought it was just the windows equivalent of quick FTP
sounds convenient
spark holly
@quiet schooner are you talking about being able to execute shell commands as you would normally do in cmd if you were on the machine?
spark holly
Awesome, thanks @quiet schooner
stable horizon
Send me over the IP for the system, wanna try that out
Oh right KOTH, sorry I thought it was a normal room
fair adder
https://tryhackme.com/games/koth/join/8e55e79eb52872cbb213fb7d ultimate koth game : room hackers
quiet schooner
Enjoying that gobuster?
cobalt jackal
gg
fair adder
hackers
escalated on every user... but there has to be a better way to get the access to them than the backwards way i got in
harsh obsidian
KotH starts in 8 minutes: https://tryhackme.com/games/koth/join/2fb1d543a9042ad16bcfbf59
burnt depot
harsh obsidian
KotH starts in five minutes: https://tryhackme.com/games/koth/join/1c3508166866358e36c8f945
raw bear
@harsh obsidian since im a little late, what box?
harsh obsidian
@harsh obsidian since im a little late, what box?
@raw bear Didn't have enough players. π¦
Gimme a second though and I'll fire off oe
*one
raw bear
ight
harsh obsidian
harsh obsidian
I can undo it if you like.
and then point you in the right direction
did you get a root shell?
And there's a second flag for you to find
raw bear
yeah I know the way in on port 3k
harsh obsidian
word. I don't need the win so I undid the flag thing. it's now up for grabs again, easily.
Don't forget the second flag
raw bear
Idc for the win either but I would like to snoop around if u would put the king.txt lock back
I would like to find ur patch
harsh obsidian
it's unlocked
raw bear
I just gave up to go smoke lol
harsh obsidian
lol
don't forget that there are two users with SSH access to the box. one password, one key
have you figured out how i locked king?
raw bear
havent the foggiest
rough spindle
who in koth rn
rough spindle
GG
stable horizon
my non-koth sabbatical is done
raw bear
@stable horizon join karmas pub, lets play some, vc?
fossil ledge
I have a doubt on rooting Hackers, could someone clarify it? May I ask here?
raw bear
Am i wrong or are u not supposed to close ports??
coral maple
there was consent dont listen to it
viscid girder
anyone playing koth at the momment
viscid girder
great when people just firewall the koth box
lost olive
i'm playing koth @viscid girder
viscid girder
yeah you owned it π
lost olive
that last flag was a real challenge π
that was pretty fun. i had access pretty quick but freesec was on my heels
icy cave
i left... but i defo need to learn up on some stuff π gg
there was a couple of times i was king, but unsre how.. must of left something running somewhere
severe orchid
chrome pumice
gusty cradle
I don't see anything wrong in it, you're allowed to change passwords and kill sessions....
gusty cradle
@viscid girder Did you close the port? π
viscid girder
@gusty cradle which one?
gusty cradle
Any of them?
viscid girder
ssh is user login limited now π
gusty cradle
@viscid girder iptables?
viscid girder
no sshd_config
gusty cradle
But did you close ports?
viscid girder
no?
gusty cradle
π€
fossil jackal
how can i participate in koth 
gusty cradle
@fossil jackal https://tryhackme.com/games/koth
fossil jackal
@gusty cradle oh thank you so much 
gusty cradle
@viscid girder Good game, but I have to go now
fossil jackal
peak steppe
Just saying that's a spectate link
peak steppe
Thanks
terse willow
That is kinda the point...
hollow stone
someone changed the passwords? i thought i was the only one with root and i didn't...
quiet schooner
You're allowed to fully patch the box
hollow stone
that's no fun though
i reset the two passwords i know
haven't cracked the one for food
quiet schooner
Have fun cracking those.
hollow stone
still not able to find the one flag i'm missing tho π¦
gusty cradle
@fair adder The command would execute, but it wouldn't return much, a better way would be to check for md5 hashes using grep
hollow stone
tried both of those already, my guess is that this one is encoded in some way
gusty cradle
@hollow stone I've used the md5 search on Food and believe me it works
hollow stone
ok, guess i need to try again then π
@fair adder did i leave pasta in sudoers or did you find a privesc i wasn't aware of?
fair adder
you did leave pasta in sudoers xD
hollow stone
guess i'm an idiot π
hollow stone
someone changed pasta password again
and i think i patched all the other privescs
maybe there are more tho
fair adder
dunno, new to this box
fossil jackal
guys ssh password is changed ?
hollow stone
i think this is my 4th of 8 koth games i played...
fossil jackal
xD
hollow stone
well, i guess i should just copy/paste the flags and call it a day
fair adder
up form more koths? I joined late on this one
fossil jackal
guys could we talk voice room ?
fossil jackal
okay xD
fossil jackal
hha xD
quiet schooner
@fair adder everything on linux is a file
hollow stone
you just write to /dev/pts/number
quiet schooner
That includes your terminal
fossil jackal
oh no i can't login ssh again xD
fossil jackal
fair adder
y we're out
they changed credentials
xD
there are probably other ways in but i dunno
hollow stone
bread has a vulnerable web service iirc
fossil jackal
@hollow stone congrats
quiet schooner
Pretty easy to patch
hollow stone
probably patched though having already played with naughty π
peak steppe
Well played
nova tide
lol how do you do this
@fair adder that was me π
fossil jackal
Well played
nova tide
btw @quiet schooner after you reset the game is it supposed to run for an hour? coz i am still in root shell
nova tide
game ended though
oh ok
login ssh then how can you save connection?
@fossil jackal ask the person who was setting netcat on bread xD ( @hollow stone )
hollow stone
wasn't me, i already stopped playing when you came back, since i patched all privescs i knew about
nova tide
but you didnt patched the one you got in through?
hollow stone
i was just searching for the dreaded 8th flag
nova tide
i got root before the first reset
hollow stone
i added pasta to sudoers and forgot to remove it, then got kicked and couldn't get back as pasta π
i only know of 3 privescs, so i'm probably missing some
hollow stone
just use a touchpad like me
hollow stone
a laptop
tall pike
GGs
fossil jackal
guys please don't change ssh pw xD i'm beginner ty β€οΈ
nova tide
i hope its Hackers xD
guys please don't change ssh pw xD i'm beginner ty β€οΈ
@fossil jackal ok
tall pike
I want to ask about smtng guys did some one finished anthem box ?
nova tide
@tall pike ask in #room-help
tall pike
thanks broo
fossil ledge
hello @quiet schooner I got 2 questions for Hackers, could I DM you?
quiet schooner
I can't promise I will answer them.
nova tide
i got king in 2 minutes but turns out i wrote in king.tx instead of king.txt
umbral dawn
doin koth?
fossil jackal
oh missclicked payload..
mint cargo
lol i was about to ask how did you retain king?
hollow stone
i didn't even try getting it
mint cargo
this was my first koth.. had a blast π thanks guys
mint cargo
so where did u find the 6th flag
yeah someone deleted the plugins.
i added a reverse shell in the wordpress code after that.
fossil jackal
@hollow stone or @nova tide xD
mint cargo
and someone changed shifu's password midway..
fossil jackal
yea
mint cargo
i was like did a ssh then coudn't login
hollow stone
@mint cargo DM me which ones you found, i didn't keep notes, but i'll look through my sessions
nova tide
i didn't even try getting it
@hollow stone my electricity went off after 10 minutes.. just came back
did you reset that game?
hollow stone
yeah, it was reset at some point, but i'm not sure when, since i was staring at linpeas output at the time and didn't even notice
still have no idea how i became king at the end...
nova tide
i think after 30 minutes coz thats when my king timer stopped
well there was 1 vote to reset the box right after it started.
fair adder
how do i copy over the missing binary?
is there a version i must match, or can i copy any version of it
nova tide
static binary
icy cave
gg
mint cargo
yeah someone removed chattr and symlinked to /dev/null xD pure evil lol
fair adder
what folder should I download them from? And i just put them in their desired place and run? @nova tide π
stable horizon
not really pure evil seeing as you can just wget the binaries
nova tide
Google ?
umm just download the binary that you need
and place them in the box where required
fair adder
cough busybox has a chattr applet and static builds: https://www.busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/
quiet schooner
cough I also posted an ubuntu one in #resources
mint cargo
yeah but i did which chattr and it was there. and then after i did the ls -l then i found out what is happening :-p @stable horizon
stable horizon
Still not pure evil, just download the binary
quiet schooner
lsattr
nova tide
mint cargo
lol okay not pure evil. xD it was impure evil
nova tide
yeah but i did which chattr and it was there. and then after i did the
ls -lthen i found out what is happening :-p @stable horizon
@mint cargo also sometimes there are some binaries with the name are available but wont work so gotta replace those
For example chattr in prod
mint cargo
yeah as i said this was my first koth.. didn't comprehend the level at first.
spark holly
Ever played a koth where another person repeatedly sends output to dev/pts/x, and even sometimes output /dev/random to /dev/pts/x. It's just plain annoying, but I guess that's a strategy
mint cargo
yeah I opened two ptys and both got nerfed by urandom today lol
stable horizon
just use tetris
fair adder
@near sphinx @sullen hound gg
fair adder
no idea
it's really hosed too
damn i didnt get a single flag the whole koth
i kinda got the idea what needed to be done but it was already too late π
gg guys
near sphinx
you should enumerate more on your nmap scan
i kinda got the idea what needed to be done but it was already too late π
@fair adder services
fair adder
||there's a nostromo exploit that i can get a shell with, right?||
near sphinx
most probably, go try
near sphinx
you can use framework or manually
fair adder
but it did work 10 mins ago π
brittle merlin
There seems to be a problem for me. I am getting really high latency on the koth machines. Upto 700ms. I can't think of anything. Tried changing the vpn files as well. Can't even perform a simple nmap scan. Any idea what's going on?
fair adder
Only on one machine, or on all of them?
brittle merlin
India. EU-VIP-1
quiet schooner
700ms isn't normal.
brittle merlin
Any idea what's going on? It's frustrating >_<
mellow bough
Is there something I can help you with? If it's a technical program we might be able to help but if it's just general hints on the machine my lips are sealed π
harsh obsidian
Anyone who I can DM about Offline(machine)?
@Mr.Holmes#0980 I've got king and all flags on that box. DM if you still need help.
stiff egret
NVM, I think its resolved.
harsh obsidian
π
random silo
Public game in 3m
random silo
Yes, I don't understand why they do this
brazen cloud
Closed the service or moved it to another?
random silo
This is not fair play
icy cave
closed
random silo
Please, reset the machine
brazen cloud
Send an email to koth@tryhackme.com with the game ID and player suspected. In the meantime vote to reset π
Closing services entirely isn't allowed, changing their ports are.
stable horizon
Anyone up for a KotH?
random silo
Yes!
fair adder
@sullen hound bad form on shutting down a serveice...
stable horizon
After this episode, watching lost
@sullen hound bad form on shutting down a serveice...
And also against the fundamental rules of the game
quiet schooner
@stable horizon @fair adder Shoot an email with the game id etc to the email on the rules page
stable horizon
I wasn't in the game, but I'm sure they'd be glad to
fair adder
well we all agree that moving a service is not against the rules but flat out shutting down the box is basically uncool
there are 2 sides to every story though
quiet schooner
Terminating services is not allowed unless there's another way to patch it