10 mins
#koth
dull geode
weary axle
pls reset the machine
idk why but something is continuoulsy dissconnecting
@dull geode
dull geode
no
I got root
what are you trying??
I got disconnected too
but then I got to know the problem
try
I'm already root
ther's no problem with me
I'm all OK with the machine
and
for a tip
if you're using
smb
then
you must specify your group first
idk why but something is continuoulsy dissconnecting
@weary axle lol it happend to me too you just have to look around
nova tide
Try to put everything in one message? 
dull geode
ah sorry
weary axle
just reset the machine quark......its easy to get root
dull geode
I already have
weary axle
reset*
lyric linden
weary axle
-__-
dull geode
OK
weary axle
dont remove it from sudoers list
dull geode
awibdawiaw#@$@@$@$
dont remove it from sudoers list
@weary axle lol do you want me to put your name into king too??
I can do that for ya
weary axle
thats so fine with me but let me try to get root then
dull geode
I did that at the starting
dull geode
I patched everything
weary axle
then game over
weary axle
aree -__-
dull geode
how do we unpatch??
dull geode
what??
lol
can we remove commands?
did you get anything?
well I being the nice guy
can tell ya something
||there is a vuln in the webpage||
weary axle
what rooms shd i do?
weary axle
linux privesc is sub only
weary axle
anyone?
cerulean maple
yes ?
weary axle
im new for this
fair adder
and that too
barren oar
GG
fair adder
GG
opal pond
How long till it starta > https://tryhackme.com/games/koth/join/55332abfbfec4601318714aa
@barren oar
weary axle
why did i join so late -_-
opal pond
So we killing shells now ? Lol
opal pond
Ggs
barren oar
yu
opal pond
So many loops lol
opal pond
Cuz it was changing so fast
barren oar
i tried to write it but still empty
opal pond
Bc of the loops
barren oar
i thought so
fair adder
But i fixed
opal pond
Maybe i broke the king.txt and cannot fix
@fair adder can i Dm for a question? 😄
barren oar
i killed like 20 loops but still not enough
fair adder
@fair adder can i Dm for a question? 😄
@opal pond Sure
Look
But the game was over
fair adder
Who was killing my shell? xD
barren oar
@fair adder I won’t let me ?
@opal pond same here
opal pond
Who is killing my shell? xD
@0xff00df#6242 that would be me
barren oar
Who is killing my shell? xD
@fair adder that's me...😆
fair adder
Yea, i do, bc you killed my shell
barren oar
But u killed mine so many times
@opal pond so i was killing both of your shells
:xD
i was just bored
opal pond
@opal pond so i was killing both of your shells
@barren oar same i killed eveyshell except mine
Yea, i do, bc you killed my shell
@fair adder dm me ?!
fair adder
@fair adder dm me ?!
@opal pond For what?
opal pond
Question
barren oar
how you broke king.txt file
Question
@opal pond
fair adder
If you have a question, you need to dm me xD
barren oar
@opal pond For what?
@fair adder ??
opal pond
If you have a question, you need to dm me xD
@fair adder Your message could not be delivered because you don't share a server with the recipient or you disabled direct messages on your shared server, recipient is only accepting direct messages from friends, or you were blocked by the recipient.
It won’t let me tho
fair adder
Add as friend
opal pond
Sent
fair adder
@fair adder ??
@barren oar ? -'
barren oar
@barren oar ? -'
@fair adder request...
fair adder
anyone interested in an private KOTH => hogwarts?
barren oar
anyone interested in an private KOTH => hogwarts?
@fair adder i do
barren oar
10min?
@fair adder link
fair adder
@barren oar done
fair adder
Can i join?
nova tide
how you broke king.txt file
@barren oar try reading koth blog post for that
harsh obsidian
Got a game starting in 15 minutes: https://tryhackme.com/games/koth/join/85f13ef3be3afe0690909ef1
That game starts in 3 minutes
idle siren
Anyone is hosting a game?
Starting in 24 minutes https://tryhackme.com/games/koth/join/dc996266be643e96c8bff9e8
barren oar
GG
weary axle
where do i find more 4 flags
harsh obsidian
where do i find more 4 flags
@weary axle On what box?
weary axle
panda
harsh obsidian
if you use the find command, and a little bit of the strings command, that should help you with most flags
wanton sedge
gg @weary axle
harsh obsidian
especially once you have root access
although i haven't been able to find the final flag myself....
@wanton sedge , do you have all of them for panda?
wanton sedge
no only 6
harsh obsidian
no only 6
@wanton sedge damn. i haven't found anyone who has all eight
wanna dm, compare, and see if we have all 8 between us?
fair adder
hi!
barren oar
@barren oar 20 mins passed already but feel free to join
@opal pond ahhh hell you already patched it man
opal pond
Vote reset if u want im up for the challenge:D
barren oar
Vote reset if u want im up for the challenge:D
@opal pond 😅
cerulean sparrow
stiff egret
Post the invite link if you want others to join.
barren oar
20 mins if anyone wanna join...
https://tryhackme.com/games/koth/join/ac97c34c8604a55206c15c81
wanton sedge
is it allowed to stop or change ssh port !! 🤔
blissful kettle
It's against the rules to close ssh, typically
wanton sedge
i have game someone close ssh on tyler
blissful kettle
That's what one of the mods put
stiff egret
i have game someone close ssh on tyler
@wanton sedge Mostly players just change the port of ssh, so you should rescan the machine if you think port/ssh is closed.
is it allowed to stop or change ssh port !! 🤔
@wanton sedge Give the rules a read.
wanton sedge
yes i found another port sorry
stiff egret
NP :)
barren oar
i did not closed i just changed it
wanton sedge
yes sorry @barren oar gg bro
barren oar
yes sorry @barren oar gg bro
@wanton sedge its ok bro
ya gg
you have other options to get the root sheel straight
you have other options to get the root sheel straight
@barren oar did you know that
wanton sedge
yes but cant do anything with them
barren oar
why
i just patched patched them 5 min before machine expires
there was a python app running and you can upload your shell to it but i patched it
wanton sedge
gg i will try hard next time 💯
barren oar
gg i will try hard next time 💯
@wanton sedge yeah good for you man
@wanton sedge yeah good for you man
@barren oar btw GG
nova tide
find is a great command
barren oar
anyone interested...?
https://tryhackme.com/games/koth/join/9abcb3653be31c06f92ac3be
barren oar
why i cant find king.txt file in Hogwarts
why i cant find
king.txtfile in Hogwarts
@barren oar ohh i get it...😅 my bad
weary axle
u got to make a king.txt
bleak delta
@barren oar did you stop ssh?
barren oar
no i did not
@barren oar did you stop ssh?
@bleak delta
@barren oar did you stop ssh?
@bleak delta try again bro
i just patched the server
bleak delta
yeah, it is back now
bleak delta
yeah, it's weird. I still cant figure it out
barren oar
gg
bleak delta
gg
@barren oar thanks but youre the only one had a good game
barren oar
@barren oar thanks but youre the only one had a good game
@bleak delta thanks
barren oar
anyone knows about this string "U2FsdGVkX1/VyDt0m+OP9RH0vvwnqiEAgkpgNxsGeVDohJqH0x5xPSjkaw+2mGQ3"
barren oar
why cant i edit?
@weary axle its my new trick
:xD
how many time you guyzs gonna reset the box
weary axle
tell
barren oar
not now
weary axle
-_-
barren oar
-_-
@weary axle 😅
weary axle
anyone?
barren oar
anyone?
@weary axle yeah
weary axle
not now
barren oar
ohh ok
not now
@weary axle
barren oar
it must be loops or someone used chattr
Game in 20 mins
https://tryhackme.com/games/koth/join/b0aaee83ad0ff22f784cf2d3
barren oar
Game in 20 mins
https://tryhackme.com/games/koth/join/b0aaee83ad0ff22f784cf2d3
@barren oar startng in 1 min
barren oar
that,s why i,m struggling with ssh
barren oar
done
fair adder
cool
barren oar
you killed my session
dull geode
that's a common thing bruh
just use ssh in different tabs
and
keep changing
root passwords
barren oar
i know that bro
dull geode
nice then
fair adder
@barren oar ssh is down
barren oar
killing ssh is forbidden
fair adder
i know
barren oar
now what
fair adder
🙂
fair adder
it's not me
barren oar
by the way GG
fair adder
i have created a symlink /usr/bin/python3
so my script runs when you run a python script
barren oar
yeah i saw that one
barren oar
i just saw it but did not try to change that
i was searching for the watch service that man killed it thats why my name does not appear
barren oar
yeah
barren oar
i was sick of that man he just killing ssh ports again and again and then he killed watch service
fair adder
yeah i understand but you're not alone ... he did the same on me
barren oar
because i prefered still king ...
@fair adder
barren oar
yeah
my ssh is not working it just wait and wait and then close the connection
did you know any solution
barren oar
where i have to use private key mostly
barren oar
not really
barren oar
yeah i can play
fair adder
Ok cool hum let's create a private game
Do you want to do an easy machine just to be root and then "fight with me" ?
barren oar
as you wish
north stag
north stag
opal pond
Lol
winged charm
Heck yeah
stiff egret
I'll be honest, that's wayy cooler then nyancat
weary axle
wait how to meterpreter inside machines?
stiff egret
You can't
barren oar
starts in 3 mins....
https://tryhackme.com/games/koth/join/28bb22fc303da36320fd52eb
stiff egret
Because someone removed chattr
livid ginkgo
Im interested if there is a writeup for Carnage? I found one way in but really want to learn from the other ways...
livid ginkgo
yeah thats the way i found - just curious on the other ways
barren oar
GG
fair adder
Hi, when someone use chattr on king.txt, is there a way to find this user or its tty ?
barren oar
idk
fair adder
Hi, when someone use chattr on king.txt, is there a way to find this user or its tty ?
@fair adder Yea
You can find any user tty with ps -au
If the user was logged in ssh, you can who -a also
thx
livid ginkgo
What’s the possibility of other Koth rooms being released to the room pool of THM. It would be great to practice the rooms or have an increased time for KOTH boxes to really run a full pen test on them.
opal pond
What’s the possibility of other Koth rooms being released to the room pool of THM. It would be great to practice the rooms or have an increased time for KOTH boxes to really run a full pen test on them.
@livid ginkgo if ur subscribed why not create a priv game and select the room u wanna run a full pentest on ? Maybe invite a friend or anyone to stay in the game so u can play
wraith geyser
wont there still be a timelimit?
livid ginkgo
It’s the time that’s the issue @opal pond. I have done things like that just wish it was longer
opal pond
wont there still be a timelimit?
@wraith geyser ik but u can do it multiple times back to back
It’s the time that’s the issue @opal pond. I have done things like that just wish it was longer
@livid ginkgo .
wraith geyser
they dont want it to reset tho
opal pond
they dont want it to reset tho
@wraith geyser i mean its not like a big network that u don’t want resetting
But eh thats my opinion,that would be a good option to add tho anyways
terse willow
What’s the possibility of other Koth rooms being released to the room pool of THM. It would be great to practice the rooms or have an increased time for KOTH boxes to really run a full pen test on them.
@livid ginkgo I might look into releasing Fortune standalone
livid ginkgo
That sounds good @terse willow I did fortune a while back and would love to work on it fully. What makes a room qualify for a KOTH room as opposed to a standard room out of interest?
Is it multi routes in?
terse willow
KoTH boxes are designed to have at least four access points, and at least four privescs
Standalone rooms are, well, any room on the platform 😆
It just means that we take the VM and stick it into a room so it can be deployed at will
Currently the only KoTH creator who has done that is James
opal pond
Food and Hackers > Currently the only KoTH creator who has done that is James
@terse willow
livid ginkgo
Okay. It’s good to know that there are 4 ways in to look into. I really struggled with finding another way with carnage. I suspect one other way, but really not sure.
fair adder
Hi, what is the best way the keep a root access on koth ?
prevent others from getting root?
no but if i loose my shell for example, how can i be root in a quickly way
quiet schooner
Leave a backdoor for yourself
fair adder
can you give my an example ?
quiet schooner
https://github.com/NinjaJc01/ssh-backdoor rumour has it I made one
fair adder
thanks @quiet schooner !
wraith geyser
you can just drop a suid sh somewhere random
quiet schooner
Assuming you can get back into the box at all
wraith geyser
hm, yours would show up on ps aux, right?
terse willow
There are a few ways to stop things from showing up in the running processes
Honestly doing it at the kernel level with an LKM is probably the most common in KoTH
A root kit, in other words
quiet schooner
hm, yours would show up on ps aux, right?
@wraith geyser Yep. There are ways to do it with SSH keys that won't, as it'd be a part of SSH
weary axle
james how would i use it?
quiet schooner
It?
weary axle
backdoor
wraith geyser
yeah, another option is to drop a key into .ssh/authorized_keys
weary axle
wait after generating a ssh-keygen in root how would i make it in use?
quiet schooner
I mean I built it for a room, you can try using the help dialog or work out how it works yourself
I'm not writing docs for it.
weary axle
u made it atleast tell me how to use it
what shd i do for help??
what command?
name --help
but what will br in name?
quiet schooner
u made it atleast tell me how to use it
@weary axle I'm not obligated.
weary axle
ssh-backdoor --help?
ok fine
wait after generating a ssh-keygen in root how would i make it in use?
harsh obsidian
There are a few ways to stop things from showing up in the running processes
@terse willow
Honestly doing it at the kernel level with an LKM is probably the most common in KoTH
@terse willow
Do you have any good resources so I can go out and learn how to myself?
terse willow
I'm not big on KM development myself. I've done it once or twice (for Inoculation, for example). @rancid pewter would be a good person to speak to about it though.
There's plenty of stuff on Google as well
Some decent Youtube videos too
gentle hatch
ipp recommended this rootkit here, its open-source, read thru the code and get an idea for what it does https://github.com/f0rb1dd3n/Reptile
great old-school article here on intercepting sys-calls, gives you a good idea of how these kernel modules work http://www.ouah.org/LKM_HACKING.html
terse willow
I'm impressed
That thing is compatible with a range of kernels
Good thing for the notes
gentle hatch
the port-knocking backdoor is really cool too, once my homelab is set-up Im gonna be messing around with it more but unfortunately haven't had the use-case/opportunity to use it much
rancid pewter
I actually have lost my rootkit it in an encrypted hard drive that I have forgot the password.
gentle hatch
RIP
stiff egret
I actually have lost my rootkit it in an encrypted hard drive that I have forgot the password.
@rancid pewter rockyou all the way
real life forensics
rancid pewter
Probably the best time to play against me on KOTH I dont have any reverse shell or script to put my name in king and I dont have my notes for the boxes
opal pond
How long till it starts
fair adder
1 min
stiff egret
Probably the best time to play against me on KOTH I dont have any reverse shell or script to put my name in king and I dont have my notes for the boxes
@rancid pewter lol
fair adder
ssh is down
opal pond
ssh is down
@fair adder its not
fair adder
ahh ...
opal pond
ahh ...
@fair adder checkout robots.txt
fair adder
ssh -i id_rsa_shrek shrek@10.10.155.16
opal pond
@fair adder checkout robots.txt
@un.kn0wn#3578 .
fair adder
?
opal pond
Check out the robots.txt on the web server
fair adder
i did it
ssh -i id_rsa_shrek shrek@10.10.155.16
ssh: connect to host 10.10.155.16 port 22: Connection refused
opal pond
When ? > i did it
@fair adder
fair adder
i retry wait
opal pond
Check it out now
opal pond
Jesus Christ just check robots.txt i put a list of ports for u to try as a hint
fair adder
the target is well 10.10.155.16 ?
opal pond
Ugh its port 6969
fair adder
i try it
opal pond
🤦🏽♂️
fair adder
🙂
stiff egret
@fair adder Do not post spoilers here.
stiff egret
Also avoid messages that contain specific info about machines, Mod (Bee) just deleted your message.
barren stream
Yup! Listen to Holmes, KoTH staff so they know what they're talking about 😄
fair adder
i'm sorry
harsh obsidian
Probably the best time to play against me on KOTH I dont have any reverse shell or script to put my name in king and I dont have my notes for the boxes
@rancid pewter that's why i migrated all of my notes to git as .md
anyone up for a game?
stiff egret
I am, if it's not Hogwarts
nova tide
Imagine creating a machine and not able to play it
stiff egret
The reply I want to give will get me banned.
harsh obsidian
lol
15 minutes, set to random. https://tryhackme.com/games/koth/join/19cf731df7b86be9c3a22fd9
fair adder
cool
harsh obsidian
i'm probably not going to go ham on the box. gonna refine my notes for the different ways in
fair adder
ok
opal pond
GG
stiff egret
true
nova tide
The reply I want to give will get me banned.
@stiff egret say it
nova tide
holmes just said pg18+ words, ban him
He deleted his messages
||i just want a mod to read this and add a warning for you||
terse willow
-warn @nova tide Attempting to get @stiff egret in trouble
sour vectorBOT
⚠ Warned Naughty#9045
nova tide
....
stiff egret
THANKSS
terse willow
Yw 😁
fair adder
Lol
dusty canyon
holmes has divine protection
dusty canyon
lmaoooo
copper bane
weary axle
why dont flags change
nova tide
stiff egret
why dont flags change
@weary axle they will soon™️
lone cobalt
anyone up for a koth?
fair adder
you mean that someone kill your ssh connection when you're connected to the box ?
hum ... i am not a specialist in koth rules, but i think that he can do that if he creates another way to enter the server
No attacking other users (rules 6)
are you root ?
which game it is ?
yeah i mean room
if anyone wants
5 mins
stiff egret
@stiff egret
@regal acorn ?
Yeah it is allowed, he only killed your ssh connection to the box.
lone cobalt
i wanna join you guys too
can you just ping me if you need members
well i am in a room currently , join if you wanna join.
https://tryhackme.com/games/koth/13676
can anyone just hint me when is a koth play said to be cheat?
cerulean maple
Changing/deleting flags , turning off services is considered cheating I think
harsh obsidian
Changing/deleting flags , turning off services is considered cheating I think
@cerulean maple Definitely with the flags. Patching services or changing ports is acceptable tho
cerulean maple
Yes , some of them kill shells which is not cheating but is annoying xD
nova stream
sonic belfry
Kelly killing kshells at the KotH core. Try saying that 5 times.
stiff egret
Just did that @sonic belfry now what did I win?
sonic belfry
The Eternal Glory.
sonic belfry
^^
stiff egret
The Eternal Glory.
@sonic belfry scam
stiff egret
Probably someone is running some codes on it, and you checked it in middle of a loop.
Well then simply add your name in it.
That's the aim.
All here to learn. NP :)
opal pond
https://tryhackme.com/games/koth/join/4db17084f31cbb837e84b332
@Mr.Holmes#0001 when does it start
stiff egret
Already running,
opal pond
Already running,
@Mr.Holmes#0001 ah ok Gl
nova tide
@fair adder you still playing?
fair adder
no i didn't even play
nova tide
ok
hoary fulcrum
.
harsh obsidian
.
stiff egret
.
nova tide
Just here to break the rythm
stiff egret
Goddamnit
sonic belfry
Morse code detected. Abandon ship.
quiet schooner
.
@hoary fulcrum If you want to check your level etc, please use #bot-commands
pearl gust
.
stiff egret
.
nova tide
spark garden
jagged tinsel
idk if its supposed to happen, i was just on hogwarts, found a ||zip file and could not crack it with john, it said no hashes to crack, or something along those lines|| and I couldn't get any further than that
stiff egret
That is intended, you need to crack it.
jagged tinsel
I attempted to crack it, it just wouldn't
sly turret
winged charm
@fair adder hey mate can you send me a DM when you get a chance?
fair adder
lol
manic pier
.
weary axle
.
barren oar
why can't i change the permission of this file😡
bleak delta
@barren oar try chattr -i king.txt
barren oar
there is no chattr on the box
bleak delta
oh 🤷♂️
nova tide
@barren oar #koth message
stark gate
why can't i change the permission of this file😡
@barren oar same here
i was root but couldn't edit the file 🤷
fair adder
I had the same problem
wraith geyser
see link naughty posted
barren oar
lsattr king.txt?
@weary axle yeah i did check the file usinglsattr
jagged tinsel
Is it possible for people to remove chattr?
jagged tinsel
or am i missing something, a few times I've been unable to use chattr to add my name to king
pearl gust
Is it possible for people to remove chattr?
@jagged tinsel
u can delete it
jagged tinsel
i mean, is it allowed on koth
quiet schooner
I'm pretty sure it's not against the rules.
jagged tinsel
Ah okay
weary axle
koth>
quiet schooner
it doesn't mean immutable
fair adder
and so what does it mean ?
stiff egret
google?
fair adder
i found thanks for your answers 🙂
west heath
who shut down ssh?
stiff egret
It's not off, someone changed it's port
redo the nmap scan.
Please reset, whoever is in the above game, someone removed king service.
west heath
well this is fun...
stiff egret
well, whoever is pr1sm, they are breaking the roles.
jagged tinsel
I'm not getting point for being king even tho it says im king, I only have 1m of king time and ive been king for 10 mins
west heath
is the king service disabled again?
jagged tinsel
Its not disabled, I think I know why... doing lsattr king.txt says -----a-------e-- so I can append to the file, but can't overwrite it, correct?
stiff egret
Yeah.
jagged tinsel
Eitherway, my name is in their twice because it's been appended not rewritten
so it's not giving me the points
cus my name isnt lewisosflewisosf
stiff egret
We are not in same game.
You need to change the permissions on king.txt using chattr.
Give the blog a read or maybe google about chattr binary.
jagged tinsel
Yeah we're not, just needed some help 🙂
I forgot about chattr, will give it a go
stiff egret
:))
jagged tinsel
chattr isnt on the box 😦
stiff egret
upload yours
jagged tinsel
i just did that, when i ran it, it didnt work
stiff egret
make it executable/ upload the static binary
jagged tinsel
made it exec, uploaded it, made it exec on the box ./chattr works but doesnt seem to do anything when i use ./chattr -i king.txt - can't write to file still after that
stiff egret
someone can be doing that in a loop.
jagged tinsel
2 mins to the box ends anyway so not much time left
jagged tinsel
box ended, I won luckily lol
nova tide
You can always read the blog post
steel dew
with private games are the rules different or do you still have to follow the same ones
terse willow
With private games you can do what you want, as long as it's agreed by everyone 🤷♂️
quiet schooner
*be aware that attacking other user's machines is pretty illegal
covert vale
anyone playing now ?
arctic berry
can i watch someone do a koth
cerulean maple
You can if someone is streaming KoTH , if not then you can watch JohnHammond's video on it
tough zodiac
patent forge
who is playing this? https://tryhackme.com/games/koth/13856
(invitation link https://tryhackme.com/games/koth/join/afee24c60c815adc8e5f7848)
dreamy rune
woeful rune
Hello all 🙂 I was trying a random KOTH join for some practice and ended up with a new game launch. Players in the range of THM lv10 would probably match closer, but all are surely welcome:
https://tryhackme.com/games/koth/13888
Game starts in about 15 minutes
jagged tinsel
^ you gotta put the invite code (i joined through public match) - https://tryhackme.com/games/koth/join/a533b2cd2944dff952885aab
woeful rune
Ah, not really sure yet how this works. 😉 Thanks for the assist @jagged tinsel
Where do I get the invite code for a launched game?
jagged tinsel
on the KOTH page (where you see us in the lobby), in the top right you should see an "options" buttion, theres an invite link and a spectator link
woeful rune
++ got it for next time, thx
woeful rune
I am aware there is 1 Windows box in the current rotation, and honestly will have no idea what to do if that is our draw.
Up for some play and some new things to learn, regardless 😄
jagged tinsel
I'm the same 🤣 i can't do windows boxes at all
woeful rune
lol @jagged tinsel is a sandbagger shark...10 mins on "no clue" Windows box and @ 8 flags
jagged tinsel
I did the box earlier unfortunately (lucky for me i guess) and have all the notes step by step on how to get in
woeful rune
it's ok @jagged tinsel , I expect there are ppl like you haunting around here for their kicks
I'm still try to learn something new today
jagged tinsel
I had no idea it was gonna be a box I have already done, I wanted to get on a linux box as I have only done 2 or 3 of them, wanted a new one
woeful rune
@jagged tinsel you be you trying to collect and rack wins. I be me, trying to learn new stuff
...no concerns
not on the box, but have gotten a lot of Windows exposure in the short time. AutoRecon is helping with what I should be studying for later.
Interacting with this SMB...just not seeing yet what to do with it for points
Well I think 800-0 at 1 min left is good time for gg
:)
Maybe I win another day @jagged tinsel , thanks for the join and my chance to look at this a bit.
jagged tinsel
Yeah as I said earlier, I did this before and made a write up so I know what to do next time, so, sorry for that. I didn't mean to join you and instantly get on and get the points. There are quite a few boxes I haven't done and that's what I was hoping for honestly, i apologise
@woeful rune
woeful rune
Don't worry 'bout me being "butt hurt". I'm a big boy....but maybe don't act clueless when there is literately 1 Windows box in the rotation, and you have experience with it
weary axle
i dont uderstand priv esc in windows at all
dapper fern
Hey @broken berry .. Howz koth going
broken berry
Hey <@573087577394118688> .. Howz koth going
great actually
Is there a sixth flag?
dapper fern
@broken berry i only find 4 flags
broken berry
<@573087577394118688> i only find 4 flags
i found 5..dunno if there are any more
broken berry
https://tryhackme.com/games/koth/join/cde2aae14f30f4eea0609e32
@dapper fern you in?
opal pond
Anyone up for a game
stiff egret
Sure ping me if you play :))
dull geode
Anyone up for a game
yeh cmon
opal pond
Sure ping me if you play :))
@Mr.Holmes#0001 im in a game that starts in 24 mins, send me a link if u’ve got a game that starts sooner if not ping me to send the link
Or i can start a priv game
stiff egret
We both in are in same anyway 😄
opal pond
Welp
No flags ?! 😂
Or can I submit them the last sec again lol
yeh cmon
@dull geode join if u want
opal pond
Wait I thought i did lol
opal pond
Ah aight so no flags this game ?
stiff egret
🤷♂️ your call, you submit flags, I submit flags
opal pond
Well of its not hogwarts or Offline
🤷♂️ your call, you submit flags, I submit flags
@Mr.Holmes#0001 bet
stiff egret
Yeah, I can't play either one
stiff egret
> 🤷♂️ your call, you submit flags, I submit flags
@Mr.Holmes#0001 bet
done
opal pond
Ffs
opal pond
Create a priv game
stiff egret
You making or should I?
dull geode
you ppl not playing anymore?
opal pond
Im not
stiff egret
I avoid offline and hogwarts
dull geode
all the fun just got down😐😐
opal pond
Same
dull geode
hogwarts
dull geode
I just can't figure out anything about hogwarts
stiff egret
(yeah xD)
stiff egret
I just can't figure out anything about hogwarts
Enumerate more?
dull geode
yeh
opal pond
Well the real question is why do U avoid it lol
dull geode
but never got hogwarts again
stiff egret
Well the real question is why do U avoid it lol
it won't be a fight in hogwarts, I know the machine inside out
opal pond
Fair enough
dull geode
bye guys
stiff egret
ok time to bomb thread the king file.
opal pond
ok time to bomb thread the king file.
@Mr.Holmes#0001 ay shrek wont let me finish lol i was tryna say i though u did that to me once so my bad we can restart if u want
stiff egret
nah, doesn't matter it was just sleep binary.
harsh obsidian
I avoid offline and hogwarts
For offline, start with ||smbclient|| later on ||psexec|| will be your friend
stiff egret
(I know the machine, It's just I dont like playing koth in windows) I dont remember powershell commands
GG
opal pond
Gg
past basalt
GG
opal pond
(I know the machine, It's just I dont like playing koth in windows)
I dont remember powershell commands
@Mr.Holmes#0001 i found some || domain users|| with ||kerbrute|| but non of them apparently had ||DCSync rights|| no luck brute forcing the passwords too, is that the intended way ?
Or am I missing something again
stiff egret
just give the machine a ||--script|| scan with nmap, you'll get what you need
opal pond
Welp rip all my efforts
steel dew
do people know to look for more than one flag because no one else is finding flags in the room i am in and i have found all 8 of them
steel dew
blissful kettle
Some may prefer to go for king straight away instead of caring about flags
steel dew
ok
because as soon as i got king i went to all the user folders and got the flag.txt files
and i would have got a longer king time if someone didn't keep closing my msf shell
which is how i had remote code execution through cmd
dapper fern
Hello
broken berry
hey, can anyone tell me why the user flag on the lion machine is reversed
especially marty's user flag
and alex's flag is always incorrect
stiff egret
They are intended jokes from the box creator.
broken berry
They are intended jokes from the box creator.
oh nice
stiff egret
Many flags are reversed or base64 encoded or in similar trolls.
tepid hornet
Many flags are reversed or base64 encoded or in similar trolls.
Wouldn't you know 
stiff egret
dull geode
They are intended jokes from the box creator.
yeh what else we need when we have one
stark gate
somebody knows how i can execute python code (c option) with this : sudo -u <user> /usr/bin/python3 a a: ? When i put : sudo -u <user> '/usr/bin/python3 /tmp/script.py' a a: it's not considered as a program :/
i noticed that when i execute the first one python gets an -o argument idk why ...
quiet schooner
Is this KoTH related?
opal pond
Lets see what you got ?!
@primal shoal how about tomorrow 👀👀
primal shoal
> Lets see what you got ?!
<@565166171490615296> how about tomorrow 👀👀
Now:)
Links is ready, i know your timezone ,)
opal pond
Um that’s weird?!
harsh obsidian
final cairn
don't you guys think 1h is a bit short? I'd love to have the option to continue searching for flags (after the king won the game). I found pretty frustrating, always in the middle of the something (working on a vuln most likely, learning a lot 🙂 ) and the machine stops responding (1h elapsed).
stiff egret
There are few plans in works related to that :))
signal hinge
Anybody want to play KOTH after two hours
viral stirrup
@final cairn maybe you should download some KOTH's themselves and try to compromise them in your own pace
stiff egret
Mhmm. That as well, some machines are also released as room to deploy and use individually. Hackers and food are 2 examples.
final cairn
There are few plans in works related to that :))
oh nice, glad to hear it 🙂
final cairn
where can we read more about this? @stiff egret any roadmap ?
opal pond
where can we read more about this? @stiff egret any roadmap ?
@final cairn about what ?
final cairn
> where can we read more about this? <@!580609268261191680> any roadmap ?
<@1300...
about what's coming soon or in the future for koth
opal pond
Idk bout future stuff for koth but about koth in general check the pins
final cairn
yeah well i was asking for a roadmap nvm ^^
stiff egret
No, there is no roadmap as of now. RN the next big thing is advent of cyber 2 atm.
final cairn
alright cheers
winged charm
No, there is no roadmap as of now. RN the next big thing is advent of cyber 2 at...
And the tour- waiiiit I’m not supposed to say that
opal pond
👀
stiff egret
And the tour- waiiiit I’m not supposed to say that
CRYYYYYY!!!! You will make dark remove our roles as well.
If it comes to that, I am throwing you under the bus!!!
winged charm
dark can bite me
stiff egret
@mellow bough oh this is gonna be fun
sudden tendon
brazen cloud
The throne awaits
fair adder
https://tryhackme.com/games/koth/join/3f04222863ebc998dbfc680f
Starts in 17min, it's just me for now
fair adder
That's a scumbag move Karma9874 😄
fair adder
lusty tulip
18 mins guys 😉 https://tryhackme.com/games/koth/join/24b8c92b6680706265ed893e
wtf XDDD
sick turtle
Starts in 7 min
viral stirrup
Starts in 7 min
gg
sick turtle
Are you guys in voice chat?
viral stirrup
Are you guys in voice chat?
nopw
sick turtle
I'm down
sick turtle
https://tryhackme.com/games/koth/join/4a5c2f0f1f945bd9bc607188
gg
primal shoal
@sick turtle
Whats your handle there ? 😁
sick turtle
You mean my username in THM? guynamedjerry
primal shoal
Ok
nova tide
which dumbass keeps rm -rfing everything
If you think someone is breaking rules just mail the game id or maybe the suspected person as well to koth@tryhackme.com
quiet schooner
Can you please cool it with the cursing tho?
wraith geyser
ok
primal shoal
@wraith geyser
It was just bcz of your username
sick turtle
https://tryhackme.com/games/koth/join/c79e97051354e7be5768bce2
Has anyone gotten anywhere?
rocky viper
Has anyone gotten anywhere?
Already started
rocky viper
the Brazilian guy
What?
rocky viper
Already started
And is like in the finish
sick turtle
Already started
That's not what I meant, sorry. I meant has anyone made any progress in finding out flags and such?
rocky viper
Yeah
sick turtle
I'm in the game as well
sick turtle
I'm guynamedjerry in the game lol
primal shoal
I'm guynamedjerry in the game lol
Bro send me the link
sick turtle
Wait, what link?
primal shoal
Wait, what link?
Current games link
sick turtle
<@777722399809470484>
Oh thanks, @primal shoal
primal shoal
Oh thanks, <@!565166171490615296>
If u wanna join in case
sick turtle
If u wanna join in case
Nice! I'm in.
sick turtle
https://tryhackme.com/games/koth/join/b7ad871138c1fcea3a1dea9f
Has anyone made progress yet?
primal shoal
This is a hard one, u have to port scan for high ranges
sick turtle
Just got results from -p-
young trout
nice
sick turtle
https://tryhackme.com/games/koth/join/0e724a6432f95021dd4afb9f
Starts in about 13 mins
sick turtle
Just started
sick turtle
GG
@sour zealot how'd you modify king.txt?
It had rw permissions when I checked in through port 3000 as root
That was good though:)
sterile locust
sick turtle
Come and get 'em!
https://tryhackme.com/games/koth/join/39d658d2e337642562df5b43
sick turtle
Got king for the first time. Nice!
sick turtle
Come and get 'em!
https://tryhackme.com/games/koth/join/39d658d2e337642562df5b43
10 king changes in a row!
wraith geyser
wraith geyser
did someone kill the box
teal root
the box still running
wraith geyser
hm i cant connect to any ports?
teal root
idk, but I still can
teal root
oof
wraith geyser
as i suspected
teal root
oh yea, I saw the rules
wraith geyser
and now he blocked my web kali too
teal root
I flushed the rules lmao 
wraith geyser
nice ty
fair adder
I'm a noob trying to learn fast. I start by running nmap and then usually throwing the IP up in ZAP because port 80 is almost always open. I look for low hanging fruit but idk what steps to take next to enumerate a target thats only open on port 80 or similar.
I usually try to use ZAP to find weird logins and fuzz them but I'm not really getting anywhere
quiet schooner
In KoTH?
You're gonna wanna do a bunch of easy to medium rooms in THM before playing KoTH IMO
stiff egret
^^ plus, you can try koth boxes that are made public to get an idea of koth without timer hanging on your head :))
fair adder
Ya I've been jumping in some public games because why not
but obviously not getting on the box at all
fair adder
Hi, someone wants to do a koth ?
fair adder
Thanks for the refreshed rooms - like it
zenith sonnet
Hi, someone wants to do a koth ?
wanna?
fair adder
or a public game
opal pond
Imma join in a bit
zenith sonnet
decide
zenith sonnet
https://tryhackme.com/games/koth/join/7991a867847b6d0659309e3d
fine dude, im not in mood right now.
but lemme give a try 🙂
copper berry
What are the tasks in koth?
zenith sonnet
What are the tasks in koth?
pwning and securing target server
fair adder
@zenith sonnet no problem !
copper berry
Ight I may try it sometime
zenith sonnet
<@!743539174816088176> no problem !
and also net became slow lol
fair adder
:/
zenith sonnet
lets take it friendly instead of taking as challenge for now..ok
zenith sonnet
<@!743539174816088176> let me know when you are ready to play !
im playing this one
fair adder
are you thearb on tryhackme ?
zenith sonnet
yeah
fair adder
cool !
zenith sonnet
u changed something?
fair adder
nothing
opal pond
How long till u guys finish
fair adder
30 mins
@opal pond you want to play with us ?
@zenith sonnet did you see my msg on your terminal ?
zenith sonnet
@fair adder dude, im sleeping
fair adder
oh sorry
zenith sonnet
sry, i was already sleepy as i said, just gave a try. lemme play tomorrow
fair adder
no problem dude !
zenith sonnet
u locked flag files 
didnt u?
opal pond
@opal pond you want to play with us ?
@fair adder yes
zenith sonnet
I had already got root access before you did so
opal pond
Yall finished?
zenith sonnet
well i'm alone then
can u tell how u r getting flags from locked files, if u didnt locked?
opal pond
Actually make if 5 if u haven’t already created one
zenith sonnet
fine, you won, but how u got flags from those files?
fair adder
fair adder
fine, you won, but how u got flags from those files?
write me in private mode
zenith sonnet
write me in private mode
sent
fair adder
it was a good game, aren't you @opal pond ?
opal pond
GG
fair adder
did you take the C ?
opal pond
Did u take the L ?
fair adder
lol
don't forget to read rules too
🙂
Resets should only be used if the target has been broken or otherwise rendered unusable; resets shouldn't be used to prevent users from gaining access.
don't forget it
I've been correct with you during the whole game ...
opal pond
Mate first of all it was a private game, second since u already had the creds u logged in fast and got king for 24 mins during which I tried to kill ur loops :/ wasn’t able to so I reseted the box once and since i had creds like u did the first time i got king faster with my loops ( just like u did ) I don’t believe thats against the rules ( plus i told u if u though it was unfair u could reset the box as well i was ok with it )
fair adder
I didn't kill any loop bro
opal pond
Nobody said u did ?!
Just bc u couldn’t kill my loops and get king.txt and lost doesn’t make me cheater I literally did everything that u used against me so ... 🤷🏻♂️
But again GG 🤷🏻♂️
fair adder
You went againts the rules, even if it was a private game
opal pond
Bruh resetting the box once when there are only 2 players isn’t against the rules
fair adder
don't try to put the blame on me, it wouldn't be fair.
fair adder
Bruh resetting the box once when there are only 2 players isn’t against the rule...
Resets should only be used if the target has been broken or otherwise rendered unusable
no ?
opal pond
Maybe if u didn’t use ur already obtained creds and get root in like the first min and run loops I wouldn’t have reseted the box ( after a whole 24 mins trying to kill the loops )
fair adder
I did only one loop, and you could be root just by typing sudo -l
opal pond
My man Holmes help me out here
stiff egret
Normal rules related to resets, though appreciated if you follow, are not very strictly imposed in private games.
fair adder
I agree, but it was necessary to say that resets to win was allowed then
stiff egret
It's private game for a reason, you made the link, you added people in it, its understood that you either know the players in the game or you have basic understanding with them, hence we can't moderate them too much.
fair adder
I understand ...