#koth

Just drop the link

Not the join link

*not another way

hey what happened discuss with let it settle in a peaceful way

let me know what wrong have i done

@sullen hound You're not allowed to close services unless there's no other way to patch them

Please read the KoTH rules

ok thanks for that

was a damn good match though

i thought zero was gonna have you

Get him outta here

nobody uses windows looking for an invulnerable system

That is enough @sullen hound
No masquerading as intelligence agencies please.
Also dangerously close to Rule 9

ban him

Sure

Rule 9

Yes but you should at least read the rules before saying anything

Nobody's going to want to play with the person who cheated

Closing ports is against the rules

Breaking the rules for an unfair advantage is cheating

wat

Modifying flags is also against the rules

I didn't say that you did

they flags on lion arent a straight copy paste .. they need editing...

no one messed with the flags they worked for everyone else

You're acting awfully defensive for someone who claims not to have broken rules.

I suggest you stop digging the hole and move on.

I don't even understand what you're asking

I agree with James. Probably best stop digging here...

Has the report been filed?

I think mango sent the email

who made Panda?

hmm

I think that'd be Zay?

can't find him, should I report only to him if I rooted?

@fossil ledge You're meant to root the boxes. You don't have to report it

ok

actually I didn't know how to do it, if I should report to the machine's owner, or if it's automatic

so just asking 🙂

@fossil ledge You're not meant to report it?

At all?

I was just asking, didn't know. Thanks!

@quiet schooner I have further gone into the I hate you hackers box deep hole of resentment... good for you sir!

It's designed to be hard

In order to exploit, you need to understand the vulns

Have fun

Can I quickly dm?

any koth?

@fair adder I might not answer your questions, but you can ask

koth? 24 min till kick off -- https://tryhackme.com/games/koth/join/6232f3be721f4f4c612a8741

Any koth going? I have a thing I want to test; don't care about flags or king

go?

xD

hey does changing password is against the rules

Changing passwords is allowed

thanks about it

is changing permissions of file allowd

allowed

Yes

and using scripts that saves time

Only way to maintain king is scripting

Usually anyway

is it allowed

Yes 😂

Thanks for your Time @dapper escarp

and using scripts that saves time
@sullen hound Do you mean scripts that automatically pwn the box?

no

scripts that changes the king after it is changed by another

Those are allowed

i have a question, if someone is doing the while loop to put his name into king.txt how to stop it?

can i answer this @gusty cradle

Sure 🙂

Nuke their loops

yeah but how to? i did some ps -aux and killed the ssh shells but the loop didn't seem to stop @dapper escarp

try ps -ef

and find suspicious scripts

and kill them

@dapper escarp vim .bashrc ; parrot xD that's so cool bro

thats to some extent for cutom commands

and kill them
@sullen hound will do that in next koth thanks

no Problem

trying hard @sullen hound ?

try harder

xD

now theres no chance you will be in

i m in but not root 😦

and you can not be root

so whats the password

lol

come change your king

why dont you

😆

coz m gonna win

see scoreboard

why do hard work ?

when u can sit and relax

well ggwp

well thats true to some extent

if i wasn't busy you would not win

that you know very clearly

ohhh

okay

Guys I need a hint for hackers room

me too xD

😅

Anybody?

dont sham just ask

Reset

Hackers was designed to be hard.

hihi

You need to try and understand what the vulns for escalation are.

Don't spoil the box.

sorry

But you should reset it now

What??

You removed the hint😅

It was more a spoiler

I'll keep trying

But check out ftp

I just need a nudge

I did

koth? 24 min till start: https://tryhackme.com/games/koth/join/9905fa397c9683bf5115348d

Why doesn't the King Update? I wrote my username in the King.txt, but it did not update yet. Do I need to do anything besides that?

try removing the file and do echo "yourusername" > king.txt

Is it your THM Username?

I did.

try removing the file and do echo "yourusername" > king.txt

Is it your THM Username?
@lusty portal Yeah even casesensitive

Sorry for the ping lul

Are you nxXLeoXxOne?

Nope

Whats your THM username, let me take a look.

Painforpay

There is 2 usernames in the file

Painforpay AND nxXLeoXxOne

It just needs to be your username

yeah thanks

If you read the king.txt's file contents, there are 2 usernames in there.

No problem.

I just saw it

Thank you! it that all?

Yup - add just your username in there, and it will recognise you as being the King 👑

Okay!

why does every command as food user in food koth say not found

is this intentional?

@severe orchid do some research

Shell is a long hanging fruit

oh, thanks

got it, thanks

is shell hikjacking allowed for defence in koth?

Read the rules

If it's not against the rules, then by definition it's allowed

ok

Did you change permission of a flag @severe orchid ?

no

🤔

One of them on food isn't readable by the owner

but if there is a problem, you can reset the box

If you're the owner, you can change permissions though

Doesnt allow me to change perms

Idk, might be immutable

try getting root

then read it

shouldn't be needed unless it's a root flag

stuck? maybe?

@hollow stone or immutable qnd not readable by the owner

it didnt show the machine name in last 60s too (im in that same koth)

yeah

@quiet schooner are there such flags in koth though?

Only if I made a mistake 👀

koth in 3m: https://tryhackme.com/games/koth/join/e395994925fc1bda37906aae

https://tryhackme.com/games/koth/join/e395994925fc1bda37906aae

Why cant i write my username to king.txt :/

It just stays empty

is xxe the right path for panda koth

Are flags regenerated or are they always the same?

Always the same

i think they may change that in the future

Is it intentional that the Wordpress on panda bugs out? the Stylesheet points to panda.thm, all redirects do aswell

You should add the it in your hosts file

and adding ip to hosts is easier overall as well. I always add it

wtf the game is over but i m still in the box xD

@weary marten What is this name ? lol

do you have problem with my name ?

@weary marten No sir, I was just asking.

https://tryhackme.com/games/koth/join/d7e12453e3305496ae8ed852
starting about 10 minutes if anyones up for it

@weary marten it's a known bug, koth machines stay active for a full hour after a reset

why does the wpscan not work

where?

i think its called panda

Is it a wordpress website?

no results are returning

you need to add the domain to /etc/hosts

yeahh

so you can scan it

ooh okay thank you

hey whats app @hollow stone

@sullen hound did you do something to make the machine unreachable? can't even nmap it

didn't you accepted defeat

no

i did't

its on my side

too

what happened

it nots working here

no idea, just lost connection at one point

yeah

what a great machine

and a great match

don't you thing

think

meh, i prefer playing ones i haven't seen before and looking for the flags

this kind of scenario is kinda silly

i have played it

patched it

and see i shall won it

I won

right, gg

the machine is now up

i'm not sure chmoding king.txt to 000 is legal, i think the service needs it to work properly

not sure

thats legal i asked the admins

k, good to know

the service was working properly

thorough

it doesn't depends on it

as you we cant shutdown the machine

because the machine is truely owned

by tryhackme

illegal

lol

no i asked it

that was legal

the language you used there is a little uh

odd

kek

chmod'ing to 000 is a terrible strategy

but he still can edit the file

It shouldn't break the king service, but I don't think you'll get the points

wat

Yeah you just chmod it back

But it's a really bad strategy

Learn to defend

the points were working all the time tho

but yeah, it is terrible

chmod 004

write only filesystem best filesystem

hmm

that feeling

when you're just waiting for a package

nope

what do you think @quiet schooner is it legal though

chmod 000

am i roght

sorry right

you're going to get arrested if you 000 it

I told you yesterday to read the rules.

It sounds like you didn't read the rules.

I am now telling you again. Read the rules.

tell me the link

It's on the KoTH page.

You were reported for breaking the rules

And told to read them

And you haven't

I suggest that you do.

i read them

Then you shouldn't have to ask.

i didnt break any rule

you could challenge me

how is chmod 000 is against the rules

Read the rules

which rule

You're not understanding something

i am

which rule to read 1.2.3.4.5.6.7

which one

All of them

Read them

i read them all

theres not chmod at all in them

and neither i kept the users hardening it

it was working all the time

neither i stopped a service

however i changed passwords which aren't against the rules

neither i made the machine unavailable

neither i modify/deleted the flag

neither i attacked any other user

then you didn't break the rules

like James said before, you're just using a really bad tactic

like

stupid bad

like

I never said you were breaking a rule.

rm -rf king.txt bad

I just told you to read them

ok i have read them

If you don't know if something's against the rules, you don't know the rules

but just tell me one thing yes/no

is chmoding against the rules

you can tell yourself that

you know the answer to that

you read the rules

and you said:

theres not chmod at all in them
@sullen hound

then i can tell it is allowed

Just remember, you're known here for breaking rules after yesterday.

Koth rules are massively down to interpretation

yes i am known

Eg killing someone’s shell could be deemed as attacking other users

i have been killed many times

by other users

they seemed to attck me

It's over bois, we killed the NSA

It’s an example as to how people view them differently

Yeah what's up with killing pts'

You're allowed.

yep

^

establish RCE

But it's a bad strategy

Patch vulns

Don't have to worry about people getting king if they can't get into the box and can't escalate

https://giphy.com/gifs/culture--think-hmm-d3mlE7uhX8KFgEmY

It’s a fallback for when you’ve patched most ways in

I’m working on something that’ll allow me to add other vulnerable ways in but allow@me to patch known ways

please remove the video N3ko its slowing my computer

😂😂

😂😂

yes it is

@dapper escarp That sounds interesting.

Isnt that just a backdoor?

??

I don't know why but I laughed.

Not a back door

Youre adding a vulnerabilty only you know?

For example. Oh this website has a luck feature (we’ll use fortune as example) replace the website with a site vulnerable to something like csrf

@dapper escarp Give me that .gif I just cannot stop looking at it 😆

Youre adding a vulnerabilty only you know?
@unkempt pagoda promotes dynamic exploitation

If I ever get my idea working for a koth box it’ll confuse a lot of people

Ohh you actually want other people to use it aswell

@quiet schooner you told me that i have been known about the report yesterday sent and i know i am aware of it thats the reason why i am asking you everytime for rules

Yeah. Patches don’t have to be just remove vulnerability

@sullen hound If you read the rules, and take maybe 1 minute to try and understand them, you would not have to ask.

Why not make it interesting and leave my own ways in for others to find

That's pretty cool

yeah

anyone know if koth boxes are chosen randomly or is there some weird algo that makes me always play the same ones?

like me specifically

They're random in public games

You can select either a random box or a specific box when you start a game

Due to the nature of randomness, there's a chance you get the same box a few times in a row

As the pool grows, that chance goes down sharply

i agree with @quiet schooner

wat

nothing

Then why say anything?

If you have nothing to say, say nothing.

i am just saying that you are saying right

There are better ways to do that than tagging a mod

ok thanks for that

yoo

server is really gettin populated

be messing me SHELLS!!

What?

2500 users

@cobalt jackal There's a reason that there's a bunch of different VPN servers

you know, it gets annoying when it's this slow cause now I can't even ping the box

@cobalt jackal That's a broken VPN

yup, regenerated it

not my fault

Even killing my telnet connection eh

im scheduled in a koth game but cant load the page i get 404... anyone in there that can send me the game no.?

@sullen hound @slate crow

wanna reset?

i cant access the page how can i reset

what page?

oh nvm

oof

it might 3015

yes it is https://www.tryhackme.com/games/koth/3015

yeah it's too slow, I had to use the browser kali

3 minutes have gone no changes

it's been a long day boys

welp

that's a gg

yeah there's no way you guys can get to root unless you reset

any koth?

I'm actually tryna learn, can you guys give me a hint where can I search for the way in ?

https://tryhackme.com/games/koth/join/e7a294146912e5f6d13748b6

@slate crow nmap

@slate crow KoTH isn't the best place to learn how to access

yeah

no actually I know how to do the enumeration stuff

I'm tryna find out the way you got in 😄

SMB ?

@slate crow Then enumerate the machine, I'm sure you'll find some ways in

can't tell you mate, just look at your nmap

aight

but there's no point in getting to root, I removed certain aspects of some files

unless you find a way then that's up to you

chattr -i king.txt

Might have to copy over a chattr binary

no cheesy strats

@quiet schooner could have done that too :3

@warm chasm what constitutes a cheesy strat apart from the rules for koth?

@cobalt jackal No I attemted to us chattr and got kicked out by the script replacing the chattr binary

And it said to me no cheesy strats

ohh hehe

that's on you

I wasn't implying

yeah

you can do other stuff though :3

@sullen hound @slate crow gg boys

Oh that’s production right?

yeah

lol

I was in another room

lmao

I wasn't even in your room xD

I was playing another public KOTH while talking to you ROFL

wdym? I see you on the scoreboard

did you leave?

ye I just saw it lol

at my notifications

I wasn't even in your room

lol

I joined your KOTH accidentally

anyway gg

xD

lmao gg mate

any1 koth?

https://tryhackme.com/games/koth/join/018bb5fb88b941cb6c19e1fd starts in 18mins

im in

Well thats against the rules:

telnet: Unable to connect to remote host: Connection refused

Someone closed ssh

no no one did

i can still connect

Im not in the same game as you

oh sorry

its mean that it wasn't me

thank god

@unkempt pagoda Given that shutting services isn't allowed, if you know who it is, drop an email to koth@tryhackme.com

Actually, do that either way -- send them the game ID (at the end of the URL)

The admins can check the logs

moving services isn't against the rules

Hmm

Connection refused would suggest its blocked though right?

I think @unkempt pagoda it might be available on some other prot

port

Game ended now, so no way to check anymore

I'll send an email anyway

Thanks

No Problem

@unkempt pagoda Yeah, still give them the game number
They should have the logs

Alright thanks Muirland 🙂

hey wanted to join

https://tryhackme.com/games/koth/join/50348cb2423229e4c9b0fa21

joined just as you got king

yeah

is 8080 down?

yes

who did

should be present over here

thats out of rules

Now both 80 and 8080 are down, guys I understand you might be trying to patch vulnerable services, but shutting down services is not allowed.

@hidden pier It is allowed, if there's no other way to patch them.

@quiet schooner there is a way to patch 80 port

but they didn't do it

Ok, I wasn't saying they did

I'm not in your game.

so they broke the rules

didn't they

sorry NSA i will up the service

@sullen hound If you have to ask, you're not familiar enough with the rules.

That's subjective tbh. There might be a way that they don't know about

@hidden pier It is allowed, if there's no other way to patch them.
@quiet schooner

Since the machines don't have internet, the only way to patch some vulns is to close the service.

i ahve patched port 80 :p

you again turned the port 8080 port off

no its there

ctive Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 992/mysqld
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 8059/nhttpd
tcp 0 0 0.0.0.0:5555 0.0.0.0:* LISTEN 7889/nginx -g daemo
tcp 0 0 0.0.0.0:1337 0.0.0.0:* LISTEN 6411/sshd

now restarted it

didn't you

no i never shutdown 8080 lol

@hidden pier reset the machine to gain access

who shutted down port 1337

there was ssh running on it

yeah i can't get in

wasn't me. I think the machine was reset right before the game ends

GGs guys, it was fun

yeah gg

what could you exploit on port 8080?

will dm to not spoil it for others

why not start a new game

https://tryhackme.com/games/koth/join/9d4920ef1ee620b881af1263

come and join me

5 min remaining

cool might not be able to stay for the whole but eh

eh play fair

at any cost

@viscid girder If I am not wrong you are new to Linux

aren't you

no why>

the patching skills showed

Machine Panda

30s

fair enuff

what

i got to learn more tbh

me too

remember learning never ends till death

sorry i can't finish this game

😄

hey reset the machine

@lilac topaz @viscid girder reset the machine theres a problem

15 mins https://tryhackme.com/games/koth/join/890ac1ca977be400b35540e2

24min : https://tryhackme.com/games/koth/join/dc9b2bfc961d5d9e565cbb0b

https://tryhackme.com/games/koth/join/e72c9011348b25c9c1387427

so im testing smb enumiration script im making if someone wants to join to play so i can test does it work feel free https://tryhackme.com/games/koth/join/4f49fd6890cc1eb8ec41d256

@fair adder Is the script on your github? 🙂

it will be

but its made to work only on windows

SMB can be made to run on Linux, but mostly Windows machines use SMB

i mean i can import platform and make it run on linux if you want 🤷‍♂️

Nah, I just want to review the code 😄

^

sure when its done 😆

@sullen hound can you do nmap scan for me cuz i deleted nmap i forgot on what port is smb

remember my friend smb is always on 445 port

im in

oof ty

what

C:\Windows\system32>net view \\10.10.176.20
System error 53 has occurred.

The network path was not found.


C:\Windows\system32>```

i officialy hate windows

oh my

i forgot to turn openvpn on

haha

lol

sometimes i also do it

there now it works from command line gotta make it work from python now

oh

does anyone know what is it -bash: /bin/chattr: Permission denied
and how to fix it

even as root

i don't know

do you have no hint whats happening

im having some errors rn

and im in class

lol

oh sry

this kinda works but it doesn't at the same time tho

im doing multi tasking xD

hey @fair adder do you know where is king.txt

in Offline Machine

yes

where

when you do smb you can find it in directory named king

so try bash find / d -name "King" 2>/dev/null

i got it and also did echo NSA > king.txt and my name is there but not showing on website

hm

hang on my teacher said something to me

okay im back

so im not sure but check /root/

hey im in windows

oh

i forgot

even after typing echo NSA > king.txt, mY name is in there but not showing on the website

might be it has a bug

yeah maybe idk

if thats a big i have faced it many times

sorry that bug not big

xD

https://tryhackme.com/games/koth/join/72191c8eb9153a4369cd303d

4 min remaining

hurry

jeez its panda

https://tryhackme.com/games/koth/join/fb3544e073ffe3a352f21206 5 minutes join fast im still testing

@fair adder hey see i got all the flags in such few sec

yah gj

i can't wait to show you what i made when its done

really

why dont show me a demo in DM

I wish I have a Fast Computer

my computer is a dumb slow with 2.4 Ghz Core 2 Duo and just 2 GB and 128 MB graphics card

oof

wish i could help man 😦

its done

i mean it works like i wanted it to

why dont you send me a demo or full version

check #general @sullen hound

i can't wait to show you what i made when its done
@fair adder if that's an autopwn, then no

anyone playing koth ?

join public program

ok

@terse willow its really not lol

Good

Here
... https://github.com/alakuajvar/smbclient-scan-for-windows-anonymous-only/blob/master/enum4windows.py

Its made to flex with those formated strings

who's playing koth

Me not

ok

@latent crest are you here

yeah

why not start a koth that will start after 5 min

I'm not a subscribed member

no problem

i will do it for you

oh

do you know how to leave a koth

Options --> Leave Games

here you go @latent crest https://tryhackme.com/games/koth/join/9222b441ceb0b2a72fe5a7dc

join quick

@latent crest ready to play

i am going to win

I'm in....I'm a noob so probably I need your hint

@remote sparrow is also in

in koth hint is not allowed

im in

I don't know how to exploit MySQL so you gizz have a good time

is that ok

Great! 🤣

i can't see a sad face thats why i posted

To make sure he gets sad huh?

no he will became happy if he knows

let me learn about it then I'll join that machine @sullen hound can I ask for some resource ?

@spark anchor can i give him resources

@sullen hound I dont know.

to learn

Ofcourse.

@latent crest just learn primer series you will know what i am talking abou

everything is in that course

and try watching live players stream

uh guys

WHAT! ELF

what is the http port

How did you get here?

i don't have nmap so i can't scan lol

80

its not 80

other one

HTTPS: - 443

remember @fair adder port 80 is for http and 443 is for https

@sullen hound no i mean in the koth you guys are doing

oh

i forgot on what port is http

lol

its not standard 80

i mean it is

but there is also 1 more

Complete the question xD

eh... i go install nmap

SMH

theres http on it

Default http 80 & https is 443

no http on it

no

theres no http on it

im not talking about default @spark anchor

there is one more port i don't remember which one

smh

@fair adder Ok I got you.

which port

hang on let me just install nmap i will run the scan

there ya go

is koth a good way to learn? when you get down the basics?

wait whaa

james is patched it ?

@quick flax Never tried it.

I will today.

nicee

join me at

https://tryhackme.com/games/koth/join/4eb870dc0251765df72ce818

@sullen hound New Koth Game?

what room ?

yeah in 5 to 7 minutes

just join quickly

smh i don't even have gobuster

I have never tried Koth @sullen hound

i will try koth later on today after work

well there i joined

no you did't

@sullen hound What do we need to do?

for what

@sullen hound this is me https://tryhackme.com/p/slavkosmith

oh

okk

That Profile picture lol

9 players in action

What do we need to do lol?

I joined it

you need to have most points

for what @spark anchor

yes and the king

Yes for the Koth

get access to the machine and find flags/make yourself king

don't expect much from me 🙂

I mean how can we win in this game?

Same here @fair adder

after 60 minutes you win

xD

with the highest points

idk im not on linux for now

I have heard we need to change a file to be king?

no

gonna buy my self laptop on 25th may

You sure?

it will be my new cyber weapon

LOL

he joking

Hack NASA with it

just type username in king.txt

Ohhh Ok @sullen hound Thanks.

jk jk

I dont even know if I can lol

i think @spark anchor is new to linux

totally new

reee what room is it?

echo <Username> /root/king/txt

2 weeks experience only @sullen hound

echo <Username> /root/king/txt
@latent crest I know the command, but not the way to get in the system

@latent crest echo <name> > /root/king.txt

no i have greater experience

echo <Username> /root/king/txt
@latent crest ahh thanks man

thats not that way

@latent crest I know the command, but not the way to get in the system
@spark anchor thats the fun part to find out

I think king.txt instead of "/"

I know the command, but not the way to get in the system
@spark anchor same 😄

thats echo $USERNAME > king.txt

offline wtf

yah i kinda missed

my keyboard is small 🙂

jeez its offline...

yes i gonna win at any cost

see you there

Machine is offline lol

well gl guys 😉

LOL OFFLINE

passwords will change

GLGLGL

Get ready to lose still

leave xD

if all are afraid of Offline why not join another

LOL

It is offline sir

no it is online poing it

ping it

now

new game?

get in there https://tryhackme.com/games/koth/join/cc262c9dcdca342de2378678

everyone

no its offline

it isn't

its new one

i dont trust you

you are nsa

ok dont trust me

when i said trust me

others are enough to trust me

get in there everyone new gamehttps://tryhackme.com/games/koth/join/cc262c9dcdca342de2378678

bruh

can you make more koths?

yeah why not

no 😭

what happened

what room is that one

panda

LOL

thats no room thats private game

i don't have any enumiration tools except nmap

here

i can't play it lol

https://tryhackme.com/games/koth/join/cc262c9dcdca342de2378678

who is here to challenge me

is that ok

New room again?

What are you doing?

this is making me laugh

haha

I laughed

no one in there

whom i am with playing

im in there

but you are not ready

oh and one more guy

i can't play anyway

im just watching you guys 🙂

then see take the machine

@sullen hound Mme coming4

startting in 1 hour?

no it has already start @spark anchor

ARRGH NOOO

I WAS CONFUSED

and as always i am king

and all vulnerabilities patched

You have played this.

That is why you know how to get into this.

We are new.

😭

stacking up on streak? @sullen hound

no one here to play with fairlt

yes i am on a streak

wonna play vs me on production?

vhy not

okay

when i get back to debian then we play

uh

when

i can barely do anything with this windows smh

today or any other day

do you have windows

yah im on windows

parrot security maybe..

hang on

im looking at distors olol

hmm

which windows

I hate you NSA

im on windows 10

great is it fully patched

cent os

looks

good

@sullen hound Hey, Why ? 😭

😭

😭

😭

Let us play!

It is my first time

why not

play

Haha

nice joke

Play

i didn't odered you to leave or don't play

everything is yours

You patched it 😭

yeah

being fastest

guide me what to do

sorry guides not working here

thinking wisely might work

and i am opening one vulnerability

now think wisely and act wisely

@sullen hound are you in a koth with me (?)

i'm in a public game and no one is doing anything i think (?) :(

give me link i will see

https://tryhackme.com/games/koth/join/4eb870dc0251765df72ce818

i think everyone else is afk or something

where should I need to focus Samba or tomcat @sullen hound

i don't want an uncontested blue ribbon D:

@latent crest which box are we talking about? they both sound intersting services to take a look at

@valid light Panda

@valid light These guys are beating me 😭

😭

@spark anchor oh no :(

i'm sad that no one is beating me in this public game

That NSA guy is playing for a long time.

And today Is my first day in KOTH

aww man, i'm sure you can do it!

He knows the machine's vuln's.

😭

which machine are you on

i said one vulnerability is still open

panda too?

@valid light give me your koth join link

@sullen hound https://tryhackme.com/games/koth/join/4eb870dc0251765df72ce818

Panda @valid light

@latent crest for Panda, you'll find something interesting in Samba

thanks

@valid light If i am not wrong it is not allowed to give someone hint

oh, alright my bad

but to give someone learning resources

now listen

?

Are you NSA in my koth room LOL

@latent crest and @spark anchor if you want to get in offline machine

I assumed that's you

just make a virtual machine of your own nad try to hack it

if you succeded in hacking it then you would hack it

Nope I'm good here

let me get into the machine

and then see

how its done

?

within seconds

which machine are y'all talking about

OFFLINE

i didn't patch anything

you can get in

i don't want to patch anything

why

it's not fun

no one's got any flags

now go and see the page and see how i am going on astreak one after another

1st flag

got

good for you

sec flag got

third got

Why do I think that @sullen hound you have stored flags in a notepad file? You got 3 flag within 10 seconds. Not possible.

@valid light Is it that easy?

because im the fastest in offline

4th one got

@spark anchor yep really easy

---___---

5th one got

only three remaining

someone messing with me

what a surprise

got another one

got another

LOL @weary kindle

got the last one

thats how game is played

now changing users password

So what you're telling me is KoTH is a game about bragging in as special discord channel? I've been playing wrong this whole time! 😲

@sullen hound how do you have 9 flags? there's only supposed to be 8 (?)

i am also astonised

what happened

really what is that

LOL you tell me

might be that game error

or either i pasted other machine flag into it

in hurry

So you store flags? 🙂

So you just have a text file with all the flags then?

no you can check

me

i was hacking two machines at a time

one was panda

and one food

and other this offline

That's three...

That's three machines

yeah

@sullen hound You said you were hacking into two machines?

ok sry for that

Ah yes, the great gigabrain strategy of playing 3 games at once when you can only join 2 lobbies at a time

3 one ended

now how can i restart it @weary kindle

wpscan --url 10.0.2.4 --wordlist /root/Desktop/rockyou.txt --username po is my command alright ?

seems right

dear that commands only work if there is a wordpress on that site and a login functionality enabled

@sullen hound btw did you think you kicked me out lol

you didn't

just saying

on which game

does anyone know how to priv esc in panda

i mean get shell from wordpress

as po

@weary kindle remember I can hack things very quickly but forget them within seconds

...

bruh

offline lol

@severe orchid hmm i'd like to try tbh

dear while talking i changed all the password of the machines of offlines

you think i would let you take a shot at it without persistence

lol

in which machine tell me and link

lol doesn't matter

8mins to end

offline

-_-

I got 1 flag

lol

the thing I dont know is how to became king in Offline Maching

@spark anchor try more you will find all of them

@spark anchor Panda? how much longer is that room available for ?

round about 13 minutes

mm too short

lemme know if y'all playing another game

YESSSSSS !!!

I am getting sommething in me now

nice!

https://tryhackme.com/games/koth/3071

@viscid girder send invite link pleasee!

give us joining link

^

https://tryhackme.com/games/koth/join/8a68a27868664ce4c59025a1

im in

try wpscan -h

too see what argument are you passing wrong

i am going but will be back soon

https://tryhackme.com/games/koth/join/eb1b2f8eb36f2c44ae21b7e9

ok

The king file cant be altered. Any help? I have root

@fleet apex what are you trying and what's the error?

I am trying "echo Painforpay > king.txt" but the contents dont get changed. I dont have an error

someone might be overwriting it, you're not the only person in the game

yeah, i think its a script

But how can i stop that?

find it and kill it i guess

i'm pretty sure someone removed and messed with the flag

lol

i voted to reset

🙂

was it you XD

sorry im late

where

yeah

we've reset it