how do u guys usually find patches
#koth
quiet schooner
Good luck doing that with no internet
scarlet pike
oh
quiet schooner
You need to understand the vulns
A lot of the KoTH boxes have custom code
Normally you can remove the vulns from that
Or replace the service with something functionally equivalent but not vulnerable
quiet schooner
Eg there's a webserver with RCE? Replace it with a python webserver that serves the pages just the same
scarlet pike
if u replace it
quiet schooner
Languages like PHP are interpreted
Not compiled
Some boxes have the sourcecode for the services on there.
scarlet pike
ohhh
if we apply a patch that doesnt work
like the
service wont start
we just undo it and thats fine right
quiet schooner
Then you're in trouble ๐
scarlet pike
ye
sturdy plank
@errant yarrow are u in the KOTH???
keen raven
oeps
nova tide
you are late
keen raven
sorry was an accident
worthy isle
Hey! Anyone down to play koth in public? Nobody is playing rn :c
nova tide
@worthy isle i would love to but rn busy with friends
worthy isle
Np ๐
errant yarrow
@sturdy plankyes
scarlet pike
anyone wanna play koth public?
i wanna try it out for the first time
:DDD
@worthy isle
worthy isle
Im doing a private game finally
scarlet pike
ooh ok
worthy isle
But u can join
Itโs on another discord server tho, I can send you the link in dm if u donโt mind
@scarlet pike wanna join?
scarlet pike
sure
worthy isle
Cool
fair adder
wary jolt
@fair adder OP pls nerf
fair adder
nova tide
who is that b14ckdz ?? in koth
nova tide
gg
fair adder
how many ways in to shrek?
nova tide
how many ways in to shrek?
@fair adder atleast 4 that i know of
tardy gull
When are we getting a new room?
nova tide
its been like 10min and the machine is still on
@fair adder after reset machine stays up for an hour
fair adder
O.o
nova tide
When are we getting a new room?
@tardy gull Cryclic working on a new windows machine for koth i think
latent quest
Oh boy. Windows is fun.
stiff egret
Whats with everyone going THM's Official? @nova tide xD
stiff egret
I am one more Offical user away from changing my nickname too ๐
quiet schooner
Disclaimer: Not official.
stiff egret
xD
Pretty cool way to look official tho lol
Any mod I can DM about something? (Probably important(?)) (Its about site)
fair adder
Iโve never done a KOTH but always have wanted to. Any tips?
gusty cradle
There's a tips section on the KoTH page. ๐
stiff egret
Probably a spoiler TIP for KoTH @fair adder ||TIP: Always rename/remove chattr binary.||
weary marten
your goal is to write your username on king.txt xD
stiff egret
Initially, yes, but once someone is IN the box, the goal is to maintain your username in king.txt. As long as its in there, you are winning.
Your goal is to root it and prevent others from rooting, correct?
@fair adder
stiff egret
xD
livid dagger
@stiff egret Yeah, someone on one of the machines left some executables and I took advantage to download them
chattr was one but can't remember the others
gusty cradle
๐
stiff egret
Unless snaps are removed, ubuntu machines will have a chattr in a snap
@quiet schooner I thought that was coincidental!
quiet schooner
I think it's the core snap that's used in the installer
stiff egret
intended?
stiff egret
Snapd is annoying, I've started removing it
@quiet schooner true that tho
quiet schooner
You can just copy an ubuntu chattr binary over though, about as easily
stiff egret
I mean, it's not unintended?
@quiet schooner I mean, I thought creater would remove those purposely
quiet schooner
I mean, some do, some don't
Snapd takes up like 80mb or something so I purge it
As well as LXD to avoid that privesc
late stratus
urghhh playing KOTH against @livid dagger is so depressing.... 15 mins in and the machine is completely patched....
livid dagger
sorry, Fortune is pretty easy
I only patched one entrance though
there are 2-3 other ways that I know of
late stratus
I think I might request a staggered start feature.... the more points you have the later you start... I need at least a 10 min head start on you! :p
late stratus
do you think that would be fun! ๐
livid dagger
maybe hehe
make me have a stress attack
you have a chance
I have not done this one LION
fair adder
Initially, yes, but once someone is IN the box, the goal is to maintain your username in king.txt. As long as its in there, you are winning.
@fair adder
@๐๐ป.๐๐ธ๐ต๐ถ๐ฎ๐ผ#0980 thanks for the answer. Is king.txt allowed to be moved around?
@stiff egret
Sorry it didnโt ping you
quiet schooner
@fair adder No, if you move it you will break the king service and no one will get king points
fair adder
Okay, thatโs why itโs worth asking. So I canโt affect the txt file at all besides editing it
fair adder
So I can edit the attributes
quiet schooner
Immutable
fair adder
Thatโs what I was hinting on lol
quiet schooner
I mean, there's not a rule against it and it won't break anything
It's included as a "people often do this" on the website
fair adder
Okay, so itโs basically outsmarting people while on a time constraint
quiet schooner
Boot them out the box, patch the box, sit back and relax
fair adder
I have an idea but it will be a huge spoiler if I send it here, mind if I DM?
livid dagger
is it against the rules to run a command that writes on the opposite users terminal?
fair adder
I think that would count as hacking other players
Which is against the rules
It seems only thing you can do is mess with the machine itself
quiet schooner
It doesn't count as attacking other players
because their terminal sessions exist on the KoTH box
livid dagger
ok
late stratus
wow the king.txt is locked down well in this current game... hmmmmm
stiff egret
Probably a spoiler tip ||lsattr /root/king.txt ||
late stratus
couldnt get "that" executable to work...
tried uploading but wouldnt run... couldnt download... zzzzzz
livid dagger
so, who is using an autoexploiter for root?
gloria@lion:/tmp$ ls ls bash: /bin/ls: No such file or directory gloria@lion:/tmp$ ./cve ./cve [.] [.] t(-_-t) exploit for counterfeit grsec kernels such as KSPP and linux-hardened t(-_-t) [.] [.] ** This vulnerability cannot be exploited at all on authentic grsecurity kernel ** [.] [*] creating bpf map [*] sneaking evil bpf past the verifier [*] creating socketpair() [*] attaching bpf backdoor to socket [*] skbuff => ffff88003cbfcb00 [*] Leaking sock struct from ffff88003b675c00 [*] Sock->sk_rcvtimeo at offset 472 [*] Cred structure at ffff88003a1d6480 [*] UID from cred structure: 1002, matches the current: 1002 [*] hammering cred structure at ffff88003a1d6480 [*] credentials patched, launching shell... [!] exec No such file or directory gloria@lion:/tmp$ ls ls bash: /bin/ls: No such file or directory gloria@lion:/tmp$
livid dagger
isn't that kind of against the rules?
late stratus
oh.... is it?? its a vulnerability???
livid dagger
not saying it's wrong I didn't know it was a vuln but if it gives you root privs, I thought it might be like against the rules because it works like an autoscript
late stratus
oh....
livid dagger
also, earlier who shutdown the port 1337?
quiet schooner
It's not against the rules though
late stratus
haha I though that was you!!! your normal trick ๐
late stratus
hahaah... the last game you closed 22!!
quiet schooner
Writing a script specific to the box that will hack the box when you should be doing it manually is against the rules
livid dagger
no I didn't
quiet schooner
Moving services is allowed but poor defence
livid dagger
@late stratus there you go! Mod just answered my question
late stratus
that one is on exploit-db
quiet schooner
Grabbing someone's exploit for a CVE is just fine
That'd be a nightmare otherwise
late stratus
livid dagger
so then this ^^ vuln would it be considered auto-"hack" or not. I'm just curious to know because in that case, I would have used it also
late stratus
Im confused too
livid dagger
ok. Well, I have the cve downloaded for next time ๐
late stratus
haha you dont need anyhelp!!! (ps you owe me one ๐
late stratus
I'm such a novice... just trying to learn as fast as I can
livid dagger
well, you learned that one fast!
also, FYI, I had not done that one ๐ it was fun though
late stratus
sooo.... how was the king.txt locked down?? it was empty half the game and I couldnt chattr it..
livid dagger
not sure
I saw you had a script that looped your name into it but when I did it, nothing happened
king was empty after my .sh ran
late stratus
there was a koth binary running but strings gave me nothing
livid dagger
yeah, don't ever delete it
quiet schooner
There's a KoTH service running on 9999
The code for the KoTH service running on most of the boxes is open source
late stratus
oh is it called koth?
quiet schooner
It's a systemd service called koth
Yeah and the binary should be called koth
You're not allowed to mess with that service
late stratus
oh crap.... sorry!! i might have screwed it... I was furiously trying to get king... apologies....
the king.txt file was still blank...
livid dagger
looool now I know why I couldn't add my name haha
well, actuall that service and the .txt don't have much in common only that the service reads the content from the file
livid dagger
basically I guess?
late stratus
the file was still locked down somehow
livid dagger
you might have locked it somehow?
late stratus
did someone screw with the "echo" binary??
so that it doesnt echo to king? that would be a sweet mod
echo to everything else so looks normal
livid dagger
or whoever this is (https://tryhackme.com/p/b14ckdz) is the one that was messing with the machine
because also, I notiched that lot's of things broke when I was in it
I have to go. Be back later
late stratus
yep lots of normal services were borked
livid palm
boutta try my first king of the hill against one other person ๐ช https://www.tryhackme.com/games/koth/6201
in 3 mins if anyone's trying to get an easy W
sudden beacon
livid palm
Is it ok to turn off ftp anonymous login?
I'm not able to yet, but stuff like that sounds within the realm of patching
hazy zodiac
no idea
livid palm
But you're the official tomato! If you don't know, who will?
quiet schooner
If you're on hackers, there's a much much much better patch
livid palm
I'm sure there's a million better things than what i htink of
I don't even know if this other person is playing...
still fun tho
hmm, i'm so conflicted on what's over the line, even if i'm not really playing against someone...
winged charm
youโre pretty much good to patch any and everything except for the king service on port 9999 as long as you donโt make the service unavailable. A general rule that Iโve heard referred to is as long as the box stays that a regular user with good intentions can use it as intended than it is fine and is within the rules. @livid palm
livid palm
mind if i ask a specific example?
quiet schooner
Website with an RCE command injection vuln
Good patch? Replace the webserver with a python http.server
livid palm
lol
quiet schooner
Still usable, but no vuln
livid palm
does it serve the same content?
anyway, this is a service that executes stuff as root but with a char limit
shorten the limit? Turn it off? What's the potential "good intention" that a user would need that for. I'm 100% overthinking for this round, like i said
quiet schooner
decrease char limit to one char? Change it to a useless user?
I mean I think you can justify disabling that
livid palm
and I'm sure this comes up all the time
thanks for the input ppl
woohoo first W :king:
vital shadow
nova tide
Why people left?
nova tide
yeah sure you can DM me ๐
sharp harness
livid dagger
how long does it have left?
nova tide
prob over now
nova tide
@livid dagger in your website link to your THM account is 404 page
stiff egret
spectate link?
@stiff egret ^^
nova tide
btw nice name xD
stiff egret
ikr! ๐
nova tide
spectate link?
@stiff egret i think the game is over though
this is one that is running atm
https://tryhackme.com/games/koth/6226
stiff egret
awesome
nova tide
here is another game starting in7 minutes:
https://tryhackme.com/games/koth/join/e00ce2d7014d6dc23ecdc51e
stiff egret
bummer got some issues to resolve, will join you guys later
LOL
F
Will update it on github lol
stiff egret
i want to see it in action
@nova tide I'll screenshare lol, I aint gonna show that in public stream ๐
worthy isle
Hey, currently playing KOTH on game 6226, just saying, if the other players are seeing this, closing SSH is illegal XD
stiff egret
Hey, currently playing KOTH on game 6226, just saying, if the other players are seeing this, closing SSH is illegal XD
@worthy isle LOL
It isnt.
worthy isle
Huh?
nova tide
closing port is. but not if you replace it with some other port
stiff egret
You can patch any service, and that includes closing it, IF its un-patchable (is that a word?)
worthy isle
Yeah but they haven't replaced
They have killed the port
But the box has reset now so it's ok
terse willow
livid dagger
@nova tide Probably because of a name change I did. Not everything has been updated yet
I just checked it and it works fine
Oh, I see what you meant. The link at the bottom. Not the link in the widget
livid dagger
fixed
near sphinx
now its working xD
nova tide
well it was a fun game with you.. my electricity went off and just came back
the one mistake you did was you were writing your name after my name in king.txt
so none of us will get points
you have to replace mine and enter yours
nova tide
well i was trying something new out.. if i was using the old method you wouldn't be able to append either
chattr is the binary that makes the file non-writeable/editable
near sphinx
i like your trick, added to my arsenal ๐
so chattr is built in binary inside the box?
dangit im sweating, glad it ends xD
nova tide
๐
wary jolt
How can we report or where can we report if something illegal in koth happened?
quiet schooner
Check the rules on the page
nova tide
coral sage
do koth private games have a player limit?
nova tide
10 is the player limit for koth
coral sage
thanks!
wary jolt
Thanks!
oak jacinth
How many games of KOTH do you have to win to get badge
livid palm
I got a badge after one win
oak jacinth
I won one and I didn't get badge
fair adder
is there only 3 ways to user and 2 to root in lion?
livid dagger
don't know
sturdy plank
anyone want to play koth??
oak jacinth
In a min
thick coyote
warm trellis
@oak jacinth Everyone just left us :(
warm trellis
I ended up not bothering, got caught up with some school work lol
stiff egret
LOL
celest pewter
Me too
rich nexus
Anyone on Shrek just now?
sinful field
late stratus
game starting in 3m!
rapid kiln
latent shell
I'll be posting the invite link at around 5:30 PM BST :) , if you have any questions please don't hesitate to DM
lusty portal
Awesome:)
latent shell
scarlet pike
is having a bash loop to kill shells legal for koth
also @latent shell how many people per team
stiff egret
@scarlet pike Qualifying match (i.e. today), will be of solo players type.
scarlet pike
oh
stiff egret
is having a bash loop to kill shells legal for koth
@scarlet pike Dirty trick, but yeah, legal. (As far as I know.)
stiff egret
No, all matches from week 2 onwards, are team based.
stiff egret
Oh yes, sorry, my bad. Guess I am missing a coffee.
stiff egret
I'll just make sure. Gimme a minute.
Yes. Matches in Week 2 are also solo. @scarlet pike
scarlet pike
oh ok
serene bay
Guys the KoTH July Starts in 1:10 hour mins Be Prepared ๐ All The Best
latent shell
2mins to go :3
Hello everyone,
Here are the links for our first match of this SECARMY KOTH July Event,Please DM me once you've successfully joined the lobby!
Invite Link: https://tryhackme.com/games/koth/join/0b8ad459070e24195f3435a0
Spectator Link: https://tryhackme.com/games/koth/6351
@lusty portal lobbies filled within 5 seconds 
stiff egret
@lusty portal lobbies filled within 5 seconds :0_KEKLaugh:
@latent shell 5? I bet that was 2.
Some really great players in that lobby
Yeah, gonna be fun. We got some plans to, hopefully keep it as fair as we can.
latent shell
Those who have joined the KOTH lobby please do message me! :)
late stratus
anybody streaming this KOTH?
latent shell
yeah but its happening in our server :)
i mean just the scoreboard though
i have attached the spectator link :)
we will have a reset every 15 mins so in case something gets patched you can have a chance again
serene bay
Well the match is pretty tough by the looks of thing only 1 flag till now 
chilly shore
Room is full sad ._.
latent shell
another match of our first week happens tomorrow at the same time. You can try joining :)
late stratus
is it first come first served?
latent shell
yep
late stratus
it would be cool for this to be streamed...
latent shell
just the leaderboard tho :)
nova tide
I wasnt even root yet and there was 2nd reset. The ip is not even up and ppl are voting for 3rd reset???
I am out ๐
wary jolt
Lol
gusty cradle
I haven't played KoTH in months
nova tide
well imma stop playing as well.
Till KOTH teams update comes up
mint cargo
uu naughty is saying this, that means serious
latent crest
any hint on Production ? It'll be very helpfull
fair adder
someone probably changed it
latent crest
oo is there any other way to get into the mechine ?
full grove
yes
quiet schooner
3-4 initial access, 3-4 privescs. Or more.
fair adder
szyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
serene bay
scarlet pike
is there any way to get past excessive shell killing
if they do nothing but watch ps aux and kill shells within seconds
is there anything u can do
cuz that seems like a very braindead but scarily effective defense
stiff egret
@scarlet pike well, make a one liner urandom missile, and send it as soon as you get in the box. They will kick you but in a few secs that missile will hit. And next time you connect, they won't be in the box.
stiff egret
@scarlet pike Also, you can try to make a loop with sshpass , to send missiles in loop.
scarlet pike
as a background job
stiff egret
Well, this is how you can kill background loops. ( Be it kill loops or king writing loops )
killall bash
killall sh
@scarlet pike
scarlet pike
ohhh
ye i use those to kill king loops
so u would go in and killall bash
then go in again and missle them
and then u can get in
stiff egret
Yes, so In the one-liner when you add urandom missile, add these too.
scarlet pike
ohhh
stiff egret
@scarlet pike yeah.
scarlet pike
makes sense, thanks
stiff egret
โ๏ธ
scarlet pike
i find it hard to believe there isnt a foolproof defense
that doesnt require firewalls or DoS
or closing ports
stiff egret
@scarlet pike There are, some evil tricks.
scarlet pike
like what ๐
stiff egret
Like once you are sure that you have a backdoor setup, then you can just silently add a ; or any random character to /etc/sudoers.
That will almost destroy all Priv Esc from sudo.
scarlet pike
ye
but is there a way to like
stop all incoming shells
completely
that isnt beatable
stiff egret
That's just superman defences, and no point playing a game in that if there is no fight.
stiff egret
Like the fun in KoTH is the fight part.
supermans are banned right
@scarlet pike yep, most of them.
scarlet pike
cuz i thought they just said no closing ports or services
and no firewall
so couldnt u make a superman defence that didnt include those things
and it would be legal
stiff egret
There's this another dirty/smart method to stop writing in King.txt
scarlet pike
other than chattr?
stiff egret
chattr +a king.txt
stiff egret
So even if people make it mutable
scarlet pike
its even in the
stiff egret
They can edit it.
scarlet pike
ohh
stiff egret
Yeah, everyone tries to do this,
chattr -i king.txt
But since the file is append only
stiff egret
ikr
stiff egret
Or things like this
mv /bin/echo /bin/.myname && cp /bin/true /bin/echo
scarlet pike
ye ye
ivee heard about binary moving
is there a complete set of static linux binaries i can get somewhere
stiff egret
That will also make while loops useless. Since most of them just try to echo things.
stiff egret
Yeah.
latent shell
2 hours to go for the second match of week 1 for the SECARMY KoTH July Event. I will be sharing the link here at 10:00 PM IST or 5:30 PM BST
nova tide
@latent shell will it be posted here first or in your server?
latent shell
We'll be posting it on both the servers at the same time and if not there would be a 1-2 second difference
nova tide
aah its going to take 18 minutes.. i will have to prep for the compeitition so imma leave
scarlet pike
oh rip
oh yeah the competition
shit i wanna try tday but i feel im gna die
do they do the usual boxes
or are there special boxes or smth
or is it just a normal game
nova tide
well the difficult part is to get in more than getting king ๐
latent shell
Hello everyone,
Here are the links for our second match of this SECARMY KOTH July Event,Please DM me once you've successfully joined the lobby!
Invite Link: https://tryhackme.com/games/koth/join/02c6ea99c3ef27254ac57090
Spectator Link: https://tryhackme.com/games/koth/6403
those who joined today please ping / DM me
livid dagger
how the f*ck in less than 10 minutes you get access and root to the machine hackers? The most difficult one there is
quiet schooner
You can do it in under a minute easily
short tusk
Funny joke 
livid dagger
well, more than 1 minute
short tusk
Practice makes perfect
livid dagger
because you have to run the nmap scan and then, you can see where the way to get in is
then, the time to bruteforce the credentials
livid dagger
umm,,, I do
short tusk
If thereโs a website run a gobuster Scan, guess some directories
quiet schooner
well, more than 1 minute
@livid dagger I can do it in a minute
late stratus
I was playing this KOTH and you def need prior knowledge to root the macine in minutes...
livid dagger
I can to if you know already what you are looking for
late stratus
a true competition would be a new VM no one has seen before...
yea exactly but only if you know what you are looking for .... I know 2 ways into the machine... and 1 way to privesc
livid dagger
no, the thing would be that the requirement is to generate new credentials (passwords not usernames) for everytime a machine resets
late stratus
ok so its a game for whoever can type the fastest! lol
quiet schooner
no, the thing would be that the requirement is to generate new credentials (passwords not usernames) for everytime a machine resets
@livid dagger This is implemented on some boxes
Fortune was the first, closely followed by hackers
sturdy plank
because you have to run the nmap scan and then, you can see where the way to get in is
@livid dagger
this guys dont scan because they knew all vuln before
sonic belfry
Do a blind KotH, meaning players don't know which machine is the target.
livid dagger
that would be even better
not putting what name of the game would probably make it more difficult
for if anyone has saved data like ssh logins, id_rsa or whatever
quiet schooner
Except you can find that information more or less instantly on nmap
That's why it was added
stiff egret
I don't think KoTH is for beginners.
Goal is to root a box in a race within 1 hour.
You need some prior knowledge for that.
That was for those who are saying you need to know the machine beforehand.
Do a blind KotH, meaning players don't know which machine is the target.
@sonic belfry that's definitely worth a upvote.
nova tide
in koth not all the ways are closed 90% of the time... even in todays competition there was one way to get root available for whole 1hour that no one patched.
Also it was a fun KoTH match after sooo long... Thanks to the Event Organizers โค๏ธ
livid dagger
why is this happening?
root@gibson:~# cat king.txt
root@gibson:~# echo Th3J0k3r >> king.txt
root@gibson:~# cat king.txt
root@gibson:~#
gusty cradle
Looks like someone is overwriting your file
livid dagger
but no one is in that's the thing
now I go to the thm koth site game and see this
and in the terminal, I see this still
root@gibson:~# ls -l
total 6420
-rw-r----- 1 root root 0 Jul 5 18:33 king.txt
-rwxr-xr-x 1 root root 6566663 Apr 30 00:59 koth
root@gibson:~# cat king.txt
root@gibson:~#
WTF?!
quiet schooner
lsattr king,txt
livid dagger
root@gibson:~# lsattr king.txt
--------------e--- king.txt
root@gibson:
not familiar with that command thouhg
quiet schooner
Someone's just overwriting it then
File attributes, 
There's a nice wikipedia page on it
livid dagger
looking at it now
I figured out a way to do it
ok, I thought I did but nope
oh well, gotta read the wiki
BTW, the file I was trying to append my name to, I found out it was the wrong file where you were supposed to put your name
maybe
quiet schooner
/root/king.txt
livid dagger
so I wanted to ask, can the king.txt file be in a /home/<blah blah>/king.txt ?
because in the challenge above, that was the case
I believe
livid dagger
so then that was a rabbit hole then I guess
well, not literally but in a way it was because it would make you think that
IDK, I just happen to see a king.txt file in a users home directory
and when I appened my name to it, it stayed
stiff egret
so then that was a rabbit hole then I guess
@livid dagger Someone trolled you.
nova tide
@livid dagger its better to use
echo Th3J0k3r > king.txt
instead of echo Th3J0k3r >> king.txt
As there are other players as well who will be writing their names in and if you append your name it will be like:
cat king.txt
Naughty Th3J0k3r
So none of you will be getting any points
livid dagger
yeah, I did that @nova tide
but there is another box that if you do >> instead of > it will put your name since > wouldn't work
maybe because of permissions but I'm not familiar witht that
nova tide
@livid dagger most likely because someone must have done chattr +a king.txt if you were to lsattr king.txt you can see whats going on.
Try reading more about chattr binary
so if you want to add your name using > so you need to use chattr -a king.txt and then echo 'Naughty' > king.txt
chilly shore
in koth not all the ways are closed 90% of the time... even in todays competition there was one way to get root available for whole 1hour that no one patched.
@nova tide whatโs way to get root?
nova tide
get rev shell >> privesc ??
chilly shore
โprivescโ โ suid ?
quiet schooner
Suid is one of many many many ways you might be able to privesc
wet pendant
i'm game! joined!
primal field
ok
deep jolt
https://tryhackme.com/games/koth/join/53d8c3e75d4bfed81ddf1e43
@deep jolt 6 mins to go guys
short tusk
Aw damn Iโd join but I donโt like KOTH
rotund topaz
you have
16 minutes to think about it
we can vc if you want
uh oh
I spoke to soon
of all the people to join
short tusk
HA
rotund topaz
do you know who he is
short tusk
I believe you can beat them
rotund topaz
he looks slightly intimidating
short tusk
No I do not but I know who the NSA are so..
rotund topaz
Spam vs. US Gov.
should be a pushover
oh no
it's a windows machine
OH NO
ABORT ABORT
rotund topaz
no website
trying to exploit the smb now
just no practice on windows
not gonna end well
serene bay
it alway's like this 
warm trellis
Iirc the only windows koth box is offline?
Still yet to give it a go, lemme know how you cope with it
stiff egret
Iirc the only windows koth box is offline?
@warm trellis it's literally as the name goes, offline
I get the concept and it's nice, but windows in general is too slow. Plus there is always someone trying eternal blue on windows. So that ruins the fun.
warm trellis
Yeah, i saw optional give it a go and it didn't look too fun lmao
rotund topaz
Plus there is always someone trying eternal blue on windows. So that ruins the fun.
@stiff egret
purely hypothetically
what's wrong with running eternal blue on windows..
winged charm
if you run the wrong one you blue screen the box and it wonโt go back up unless you reset it from thm
teal field
slate crow
no, lol
slate crow
feel sorry for Snowden
slate crow
gg bois
rotund topaz
@teal field gg
slate crow
nicely done
rotund topaz
mve was gaining
warm trellis
omg
rotund topaz
wanna vc
warm trellis
i joined with 20 seconds left ๐
rotund topaz
I beat mr snowden at least
warm trellis
didn't even get to boot my laptop up lmao
rotund topaz
rip 
slate crow
lmfao
rotund topaz
I think Dalist kept booting me off
slate crow
no it wasn't me, lol
slate crow
I was tryna find the last flag ๐
rotund topaz
nice, I got 3 in the end
how did you get footholds on the other two accounts
could only see the file upload
slate crow
yeah
warm trellis
there's the default privesc iirc
rotund topaz
what was the duku privesc
nothing in sudoers
so I died
not getting linpeas in there
slate crow
wait, how do you get verified here ๐
rotund topaz
you have to tell me how to privesc
then you get it automatically
the bot messaged you what you needed to do at the start btw
rotund topaz
hmm can't remember
I wanna know the footholds for the other web ones
I was poking around in /var/www/html and saw something about isset($SESSION)
so didn't know if that was included
warm trellis
lemme check my notes
isn't carnage the box which has root running on a tmux session?
yeah, @rotund topaz i'm 99% sure the priv esc for carnage is through a tmux exploit
rotund topaz
Alright, thanks mate
I'll look into it
I really need to start making better notes
rotund topaz
@alpine yoke stop wiping the board ๐
alpine yoke
@rotund topaz Oh, man. I just got the pass with hydra and then block all the ports and change the flags ๐
nova tide
@rotund topaz Oh, man. I just got the pass with hydra and then block all the ports and change the flags ๐
@alpine yoke everything you mentioned is against the rules.
stiff egret
๐
alpine yoke
@nova tide really? i was just trying to defend the machine. i'm begginer on THM. sorry for this, so
alpine yoke
yeah, thx
rotund topaz
that would explain why I was struggling to break in ๐
livid dagger
LOL
quiet schooner
Anyone remember the file path for the Offline KoTH king file?
full grove
C:\Administrators\some folder\
quiet schooner
Desktop?
fading nymph
@quiet schooner some custom directory on c:/users/administrator/
quiet schooner
Welp that's not going in the documentation then
fading nymph
we need more windows boxes for koth here, that file path would be the standard then
quiet schooner
You can set a standard with the existing box.
fading nymph
it's mostly the pioneer imo, it's a good filepath thou ๐
stiff egret
we need more windows boxes for koth here, that file path would be the standard then
@fading nymph please no.
quiet schooner
Sounds like someone wants more windows content too
stiff egret
๐ Seriously, I am not good in windows, but in my opinion, KoTH is really, um, hard/(?) in windows.
I don't know if this is just me.
But if you connect to a user with RDP, no one else can connect then.
slate crow
where's the meterpreter gang at ?
stiff egret
Key of the sentence being that.
full grove
thats why SSH, WinRM and others are open ๐
fair adder
Welp that's not going in the documentation then
@quiet schooner c:/users/administrator/king-server/king.txt
pretty sure
short tusk
James is sleeping
late stratus
nova tide
when i copy paste flag it dont work for me
@sturdy plank flags could also be encrypted
late stratus
zzzzz... https://tryhackme.com/p/AsafDamn .. just reboots the machine every 2 mins after he goes ahead in points.... boring...
quiet schooner
@late stratus There is a report email on the page
Please use that, rather than complaining here.
late stratus
it was more of a warning for anyone else joining a game with this user...
quiet schooner
Report them.
hazy zodiac
i think KOTH already have a rule about that tho
Show the number of times the box has been reset in a game of KoTH and add to the rules that it should only be reset if a rule has actually been broken
quiet schooner
...Yes, that's what I was saying
But reboot != reset
Constant reboots is 100% a DoS
hazy zodiac
maybe maybe
quiet schooner
I mean, it is.
hazy zodiac
add a automatic reset when the machine is broken
quiet schooner
How would you detect the machine being broken?
hazy zodiac
and dont let players reset the machine
quiet schooner
How would you detect the machine being broken?
@quiet schooner
hazy zodiac
or
quiet schooner
Resets are not the problem here.
Restarts and resets are different things entirely.
hazy zodiac
oh
sturdy plank
@sturdy plank flags could also be encrypted
@nova tide
no-one encode that because i can see {thm} in flag. the flag didnt encode by any-one
sturdy plank
so please add a rule that dont reset the machine when paths are patch
we are two people in koth
quiet schooner
A rule against abusing resets has already been asked for
quiet schooner
Have you read the rules?
sturdy plank
i read it about 3 weeks ago
stiff egret
Maybe a check script to keep checking if the flags are correct and in place, and if they are not then the script initiates reset?
@quiet schooner
sturdy plank
yes but write it in #544951750801752079 @stiff egret
grand ember
to do so the koth binary would need to have all the flags locations or to get the locations from somewhere which isn't ideal because the players are supposed to find them
another way would be to use an autopwn script from the thm side but still, that would lead to many false-positives just because the box was patched
if there are different ways you think it could check for that i'm all for it but it shouldn't make finding the flags easy nor result in any false-positives
sturdy plank
so i think its better to use a input box in koth page that u input ur koth ID then will select options and will send report to mod of websites @grand ember
grand ember
something like this would make reporting a lot easier but i'm sure it'd also produce a lot of false requests
sturdy plank
but the creator can check what happend i think??
grand ember
with koth it's not the creator that checks
sturdy plank
because we use vpn and vpn can say what we do
grand ember
yeah, admins can check the info they have on the game
sturdy plank
so do i must to write it in #544951750801752079 ???
grand ember
i guess you can post it there
grand ember
sure
sturdy plank
@runic compass are u afk??
fair adder
@sullen hound constantly resetting the instance to block me from getting points... shame on you :b
nova tide
He got unbanned from discord? ๐
grand ember
I think so?
gilded prism
@slate crow i was still on until i closed my own session xD
having to use diff shell because of ur "whatchu doing mate" spam xD
@slate crow check root
gilded prism
done with that one. i'll reset for you tho
nova tide
who is this Strange270 with @last ether in koth rn?
btw you are practising for competition? ๐
last ether
Were am I in that game bro?
last ether
๐คฃ
last ether
๐คฃ
nova tide
nova tide
aah ok
i just saw the Pakistani flag so just wanted to know. as he's ranked #3 on THM scoreboard in Pakistan
gusty cradle
๐ค
nova tide
after ma1ware and me though
gusty cradle
At least he's winning ๐
nova tide
well he's trying.. GL to him
gusty cradle
You're in the match as well? ๐ค
weary marten
he is good though
nova tide
if i were @weary marten wouldn't be root for this long ๐
nova tide
nah JK. ik you are good xD
weary marten
na man me noob
weary marten
ohh no, wheres my rootkit
quiet schooner
nova tide
starting in 9 minutes.. public game
https://tryhackme.com/games/koth/join/ce7889325f655be1f1477964
weary marten
where is the stinking flags in panda xD
nova tide
oh Strange also have 7 flags.. Can i claim that's my alt acount?
weary marten
everyone afraid of you xD
nova tide
12 minutes to go:
https://tryhackme.com/games/koth/join/19beca3ece631ca285f42b38
public game
12 minutes to go:
https://tryhackme.com/games/koth/join/19beca3ece631ca285f42b38
starting in 5 minutes
fair adder
New KOTH Box any time soon!?
autumn iron
me too
weary marten
create a new game
weary marten
24min ๐ถ
autumn iron
did you ever solve offline
weary marten
one time
autumn iron
how was it??
weary marten
๐คทโโ๏ธ
autumn iron
lets wait for some time
nova tide
ppl only koth when i am sleeping ? ๐ฆ
nova tide
public game starts in 24 minutes:
https://tryhackme.com/games/koth/join/c27aa569928a5b56fa32377c
nova tide
i went out for a few minutes.. whats that?
sturdy plank
dont know about it
but its look like someone sending message from syslogd
maybe its for ur CPU
any one want to play koth??
latent shell
Hey peeps join us today for the second weeks qualifers at 5:30 PM BST / 10:00 PM IST for the SECARMY KoTH JULY event.
Will share the link at 5:30 PM BST exactly
rancid pewter
Ohhh a competition I might need to finish some game for it
latent shell
Hey peeps join us today for the second weeks qualifers at 5:30 PM BST / 10:00 PM IST for the SECARMY KoTH JULY event.
@latent shell will drop the link in 7 mins
Hello everyone,
Here are the links for our first match of the second week of SECARMY KOTH July Event,Please DM me once you've successfully joined the lobby!
Invite Link: https://tryhackme.com/games/koth/join/5360d41a58847841e97a9dde
Spectator Link: https://tryhackme.com/games/koth/6744
serene bay
2 Slots still left for the Event
latent shell
@brazen cloud hey i need some help , can i DM?
latent shell
sure thanks!
brazen cloud
Should be good to go ๐
nova tide
Ppl saw myDonut joining and now the lobby isn't even full even after 30 minutes in game ๐
blissful flower
quiet schooner
Food
nova tide
Production,Shrek
split stump
nova tide
@rancid pewter you playing?
rancid pewter
Eating my Oreo
mint cargo
lol
nova tide
if you plan to play let me know we can reset.. as i have already patched everything
If deleting counts as patching
nova tide
its the only box that i know how to properly play
have already lost in this one against you and westar before once
rancid pewter
You deleted the /usr/bin I think
nova tide
no
rancid pewter
You deleted systemctl, wget, curl ?
nova tide
no
You deleted systemctl, wget, curl ?
@rancid pewter they are still on the box
in /usr/bin
rancid pewter
You modified the PATH or something ?
nova tide
i did something that i want to do in finals
mostly to stop some rootkits.. i didnt delete any of those binaries though that i can confirm
rancid pewter
Can we reset plz ?
rancid pewter
Maybe I should start to kill people shell
grand ember
lol
nova tide
well its not against the rules... sooo?
after patch i have to kick you out smh if its by urandom or kill
before you could set some persistence
nova tide
noice
rancid pewter
But I dont know if it going to work since it a Centos box
grand ember
if the kernel version is right then it should be fine
unless you're running ubuntu specific commands
nova tide
its working
rancid pewter
I know but I have made change on my Ubuntu box but forgot to change it on my Centos box so I only need to recompile it
You can do cat king.txt you will see my name but I wont be king
nova tide
You can do cat king.txt you will see my name but I wont be king
@rancid pewter but why??? ๐
yeah you are in king file though
rancid pewter
I just need to change an '=' to '<' in my rootkit
Donโt worry I am making some persistence that you wonโt be able to kill
But really well played
nova tide
Thanks. Looking forward to play against you in the competition. If i didn't had my finals during the competition i may have made one myself
elfin charm
fair adder
gentle wedge
starts in 5 min
nova tide
umm you pasted it twice
nova tide
@gentle wedge which box
gentle wedge
dont know which box
barren stream
If there was a leaderboard for KoTH @nova tide would be #1 all I ever see you do is hang out in this channel and play KoTH
nova tide
If there was a leaderboard for KoTH @nova tide would be #1 all I ever see you do is hang out in this channel and play KoTH
@barren stream only thing left is to start making rootkits now. That i will start working on after finals