I need to re enumerate this machine properly
#koth
last ether
stiff egret
:sed
stiff egret
smh, the machine was fine. Useless reset
candid geode
Did someone just do something to my ssh?
dapper yew
who reset just now
stiff egret
obv not me
dapper yew
this is insane
stiff egret
SMH, Damnit, I am not playing. Go win.
There was no need of reset, either time.
2 Resets back to back. And another on way with 1/3 resets done.
dapper yew
LOL
last ether
π€£
I hit the reset only once during the entire duration
And that was when I couldnt ping the machine in the vvery beginning
stiff egret
GG
dapper yew
i hit the rest when you said , waiting for the last reset .
didnt want to keep you waiting . π₯Ί
lol , someone pushed reset just now at the last minute
candid geode
Remove?
dapper yew
stiff egret
first idea out of the oldest book
if you give them something to kill, they won't look anywhere else
so you see the /var/.history/shell running
you kill it and keep looking at it
dapper yew
first idea out of the oldest book
if you give them something to kill, they won't...
no but i actually saw it running
stiff egret
that was me
dapper yew
ah
stiff egret
used this ^
stiff egret
sure
faint hatch
gg to my KOTH group, fun box
faint hatch
you kill it and keep looking at it
You script it? π
stiff egret
Ofc
runic breach
general question about koth machines, are all initial entry points also possible privesc points? or are some not just possible to privesc from?
opal dove
uh, all accounts have a privesc
well
I don't know about www-data, but there's usually a global privesc for all accounts
e.g. SUID binaries
stiff egret
general question about koth machines, are all initial entry points also possible...
It varies from machine to machine. Some footholds require you to pivot to another user and then get a priv esc to root.
weary marten
wraith mirage
hazy geode
opal dove
chattr?
harsh obsidian
anyone up for a game?
harsh obsidian
That awkward moment when youβre mid-game and a power outage hits
dapper yew
happens to me before 5 seconds when games about to start
harsh obsidian
happens to me before 5 seconds when games about to start
Lol
old igloo
candid geode
https://tryhackme.com/games/koth/join/19d33dd8ea91ef57f49c3f14
https://tryhackme.com/games/koth/19718
dapper yew
KOTH anyone ?
candid geode
KOTH anyone ?
My VM is taking forever to update
stiff egret
ay just for fun match :)
karmic cove
Sure u go π
dapper yew
i wish its a hoth box
karmic cove
i wish its a hoth box
I didn't even got time to solve the medium box π
dapper yew
i solved it yeatrday ; lucky
if its medium , i wont stream
cuz its a secret trick π
i dont wanna spoil it
candid geode
I am in the middle of a koth game right now, and can't use my VM. This is scary.
fair adder
@dapper yew you have all flags?
dapper yew
yep
fair adder
create a backdoor user
dapper yew
yea i forgot to do that
candid geode
I got my VM working again:
https://tryhackme.com/games/koth/join/a99e884ee6e7430e5a1e7b26
fair adder
yea i forgot to do that
and add in sudoers file
nova tide
and add in sudoers file
why need to add in sudoers while you add it as a root user?
nova tide
create a backdoor user
someone changes the password for the user and it's their backdoor now π
fair adder
true
candid geode
I got my VM working again:
https://tryhackme.com/games/koth/join/a99e884ee6e7430...
3 minutes.
stiff egret
https://tryhackme.com/games/koth/join/82d56a47f807459b6a07b987
GG
dapper yew
fair adder
https://tryhackme.com/games/koth/19778 voicechat ?
dapper yew
Anyone Koth in Hoth , Ping me π
dapper yew
clearly not stream sniping abood
dapper yew
your watching my stream , i can see it
dapper yew
what have you done to the box
dapper yew
bruh . i mean something else
dapper yew
bro , theres no else in the box
dapper yew
thats why you werent getting points
dapper yew
how you are in
why would i tell you
dapper yew
ebon heron
but you do somthing
dapper yew
bro , just see you dont have points
you messed up with systemd and koth.service
theres no king
fair adder
.
ebon heron
i cant change your name
dapper yew
ebon heron
can you tell me
dapper yew
nah bro
ebon heron
okk i will discover
dapper yew
π
dapper yew
yup gg
ebon heron
π
primal ermine
im in an empty koth game starting in about 10 minutes, does anyone wanna join? https://tryhackme.com/games/koth/join/1becf0c5d39a29d7e685c221
its my second time so no guarantee ill be any competition lol
pearl gladeBOT
TryHackMe
wispy sequoia
anyone want to come school me in my first KOTH?
https://tryhackme.com/games/koth/join/782470e1ef0cc839b4674f82
fair adder
@wispy sequoia wp bro sorry i didn't see it was your first game
wispy sequoia
@fair adder np, yeah a bit hard for me to fully grasp the concept of KOTH Iβm a beginner still lol
harsh obsidian
harsh obsidian
<@456226577798135808> np, yeah a bit hard for me to fully grasp the concept of K...
we were all beginners at some point
charred compass
my super beginner has joined 
fair adder
well this is taking quite a while isnt it
charred compass
it's interesting to do, especially with it being my first time
fair adder
what are you trying rn?
charred compass
ftp exploitation
fair adder
have u found the flag?
charred compass
nop this is my first ever KOTH I don't know where to look at all π€£ I did find accounts though
charred compass
I just did general -A -p 1-1000, is there a dif with the -sV?
fair adder
eh i dont think -A is a good idea in koth
it takes so long
and the output of it isnt that relevant
i usually do this - -sV -vvv
after rust
you can run -F first too
then scan again the ports it found with more info
check ftp, what does it allow?
charred compass
so that's what flags look like
fair adder
dug the passwords/accs now I'm stuck
have u used hydra?
charred compass
yeah, that's what I was using to fetch the credentials
fair adder
where did u try?
charred compass
one of the accounts obtained from the ftp notes
fair adder
nice bro
i misstyped the username
in hydra
its been running for 20+ min
thats convenient
charred compass
well I'm not getting further in 4 minutes, that was a sweet KOTH
pretty cool introduction to it
fair adder
up for another one?
charred compass
I need to learn some more before digging into it
It would be pretty cool if we could actually see the people trying to break into the boxes when spectating, I initially clicked spectate then unintentionally joined the match so decided to give it a whiff
@fair adder thanks for all the help π I'll look into some more KOTH during the week once I finish my last modules in the beginner learning path
fair adder
np ; )
charred compass
is there any recommendations on things I should focus on for KOTH?
seems the most straightforward thing would be the pentesting path and/or security path to path all the vulnerabilities once inside
stiff egret
is there any recommendations on things I should focus on for KOTH?
Pretty much.
Going for king is the way. You can get flags afterwards. But if you own the king, you own the game.
And, yeah, finding vulns from inside the machine is much easier, so find one easy way to get root, and then find other ways from the inside, incase someone patches the easy method.
nova tide
Set some backdoors as soon as you get root.
candid geode
Is koth not working for any of you?
It says I am currently in a game, but I can't really seem to participate.
last ether
Is this something to be worried about?
ebon heron
Is koth not working for any of you?
i got this
candid geode
i got this
Yeah, very odd.
dapper yew
maybe just ping the staff , might help
short tusk
KoTH staff do not deal with the site.
nova tide
#site-bugs sounds like a better place for that?
fair adder
close one
dapper yew
woah
fair adder
last minute haha
candid geode
close one
What a comeback.
I mean, itβs space jam. The results are usually pretty unpredictable.
leaden kernel
Two swedes playing koth atm, i'll be damned π
Rare breed
Be nice to the swedes @fair adder
sly turret
https://tryhackme.com/games/koth/join/9fe118c98c277da4947ecde2
lvl:
intermediate
sly turret
jo @fair adder killing shells is fun huh ?
fair adder
ye
sly turret
π
fair adder
π£
sly turret
u want to try the H1 hard box ?
fair adder
hell no
blissful kettle
Hey
fair adder
yo
can anyone explain this:?
or why its happenining
you need to go to your profile
and change your 'skill' level
thank you so much bro
sly turret
profile > about you > change lvl
fair adder
; ')
im rank 1 koth
of the month
kekw
wow
biggest achievement of my life
whens the next koth?
oh no
dapper yew
guys anyone for a koth /
fierce mortar
π
fair adder
hidden barn
you guys rock!
nova tide
im rank 1 koth
Nice π
ebon heron
candid geode
dapper yew
<@!804990978728394752> Did you delete the tdurden user? π
by mistake π
dapper yew
i dont know how tdurden was popping again and again
dapper yew
loop for ssh on tdurden ? Heard it the very first time π
dapper yew
i was preoccupied with so much other stuff that did not play koth for bout a week or so .
cuz of this , my first match 
second game , i was comfortable
last ether
And yet you were able to hold king for 3 mins π
dapper yew
haha
fair adder
@candid geode be gentle pls π£
last ether
Peace brother @dapper yew
dapper yew
@last ether may i dm π
last ether
Yeah sure
fair adder
aah im not playing this one
candid geode
aah im not playing this one
Neither am I.
dapper yew
And its H1: Medium <:kekw:658061932577816606>
can you send thelink
candid geode
can you send thelink
I don't have it.
I didn't copy it to my clipboard when I left.
dapper yew
@fair adder do you have it ?
candid geode
How did you get it?
candid geode
Ah, that makes sense.
fair adder
np
fair adder
aaaah i hate this room
candid geode
aaaah i hate this room
The "hackers" room?
fair adder
yes
candid geode
I nearly lost trying to get nyancat on the machine
fair adder
hahahaha
i dont like this room because my internet is so bad
so hydra takes so much time
stiff egret
Maybe you just need to try the correct wordlist
nova tide
You can root the box within a minute
nova tide
rockyou ftw
candid geode
Sometimes it isn't your wordlist being bad. Sometimes the password gets changed.
stiff egret
Sometimes you need a subset of the primary reallly large wordlist
A very small subset
fair adder
nice ty for the help @stiff egret @nova tide @candid geode
dapper yew
Sometimes you need a subset of the primary reallly large wordlist
what wordlist to be used for hackers .
nova tide
rockyou ftw
^
dapper yew
it takes hell lotta time
nova tide
Well it's up to you to figure out what you can do about it π
(I can root hackers in less than 10 seconds)
but autopwns are not allowed
dapper yew
Well it's up to you to figure out what you can do about it π
you wanna play koth ?
dapper yew
Kinda not playing koth anymore.
so now focus on learning ?
nova tide
OSCP
dapper yew
Need more time to study
study ? study what . like cybersec ?
fair adder
theres only one machine i can root in less than 10 seconds
my computer
and thats if i dont misstype my password
candid geode
The only machine I can root in under 10 seconds is space jam
dapper yew
The only machine I can root in under 10 seconds is space jam <:kekw:658061932577...
all the machine are rootable in 10 seconds except hackers , hogwarts and h1:medium .
( according to me )
lol
candid geode
Nevermind what I just said.
dapper yew
π
candid geode
I didn't realize there was the word "except"
quiet schooner
all the machine are rootable in 10 seconds except hackers , hogwarts and h1:medi...
Hackers is rootable in 10 seconds if you know the secret
dapper yew
Hackers is rootable in 10 seconds if you know the secret
where have you hid it james . tell me tell me . just joking
delicate cedar
H1:medium too
quiet schooner
I'm excluding the fact I know a password to an ALL ALL sudo user on it
candid geode
If we knew what all of the root passwords are, we could root easily.
dapper yew
okay lemme do that box again . i am kind of hinted what to do
dapper yew
If we knew what all of the root passwords are, we could root easily.
i know one boxes's root pass
but unfortunately no root login
does any machines have rootlogin enabled ?
candid geode
does any machines have rootlogin enabled ?
Some do, but a lot don't.
last ether
The machine is working perfectly fine
Don't understand why there are 2 resets already
frank oracle
Maybe because you have closed all the ports and entries to the machine :0
frank oracle
oh god do i have to enter in the game for this
frank oracle
Am not in game lmao, am just guessing, i quitted a while ago
urban vortex
hmm i cant seem to connect to the machine it says host is down is any 1 else getting it
nvm
candid geode
hmm i cant seem to connect to the machine it says host is down is any 1 else get...
Are you in my game?
fair adder
vpn?
candid geode
@fair adder I thought no killing shells...
fair adder
hmm who said that?
candid geode
Oh well
fair adder
bro why am i lagging so much wtf
candid geode
Alright.
fair adder
sorry im a dirty player
candid geode
sorry im a dirty player
I think you are the first player that kills my shells at that rate
Rematch? @fair adder
https://tryhackme.com/games/koth/join/aa4b2800e2b08da1b5ac8756
fair adder
candid geode
Rematch? <@456226577798135808>
https://tryhackme.com/games/koth/join/aa4b2800e2...
It's lion again.
fair adder
its ok now i know how he gets access so fast
idle harness
@candid geode why killing shells man D:
candid geode
Me? I am the one getting killed :/
candid geode
You are still the king somehow.
idle harness
yessir
fair adder
ebon heron
i cant join rn
fair adder
k
candid geode
H1 Medium game, here is the invitation:
https://tryhackme.com/games/koth/join/2de21a25560973e80feea599
signal hinge
fair adder
helo π£
candid geode
https://tryhackme.com/games/koth/join/20f0ab4fae9ff3914abecf8b
https://tryhackme.com/games/koth/20049
Starting in about 15 minutes.
graceful breach
@candid geode hi
candid geode
<@!510116322722447360> hi
Hello.
candid geode
3 minutes left.
candid geode
It is the hackers machine.
graceful breach
no still bruting hydra
graceful breach
I am taking longer than usual on this one.
did u got
candid geode
I think the password isn't in my wordlist. Gotta use a backup plan.
graceful breach
I think the password isn't in my wordlist. Gotta use a backup plan.
password doesnt seems in note
graceful breach
I think the password isn't in my wordlist. Gotta use a backup plan.
i think we need to use rockyou
you got it right?
candid geode
you got it right?
Yes, went in through the backdoor
graceful breach
Yes, went in through the backdoor
ooh nice
graceful breach
Check the main page. I left something for you.
ok
graceful breach
Check the main page. I left something for you.
lol
candid geode
Reload again.
graceful breach
i am joining ur party
ebon heron
jiakang changing web is illegal?
candid geode
jiakang changing web is illegal?
There wasn't anything useful to be honest.
candid geode
its allowed right?
It doesn't say it in the rules, but after if you modify the content and the machine becomes totally unavailable, then that would be illegal.
ebon heron
i mean if you change that contenet at backdoor
at hackers
its not illegal
cuz you are not deleting you are only closing roads
am i right
ebon heron
i need to read the rules
fair adder
changing the content is ok but you can't delete it because then it would be pretty much the same as deleting a privesc vector binary instead of fixing its permissions or whatever
fair adder
https://tryhackme.com/games/koth/join/6d1cc43a4b6132ae7a961982 starting in 10 min
last ether
Is the machine working?
delicate cedar
Ah, I thought it's gonna be linux machine
last ether
Or is should I renew my vpn config?
fair adder
it isnt working for me aswell
delicate cedar
urban vortex
i hope its an easy one XD
fair adder
i hope i dont get smashed
urban vortex
if i get 1 flag ill be happy
ebon heron
why we have so much cats at the chat
urban vortex
lmao
ebon heron
i need to be ca ttooo
ebon heron
ok now its good
last ether
Can anyone access the machine?
Oh it looks like it
Cause @delicate cedar is already king π€£
I realized I wasn't connected to my vpn π₯ 
ebon heron
my cat is better
urban vortex
i should stick to my courses XD
last ether
my cat is better
Strongly disagreeeπ€£
ebon heron
actullay we have same pp but the cats are diffrent
my cat try harder
your cat is playing minecraft
lol
last ether
Your cat is watching some NSFW content
candid geode
Your cat is watching some NSFW content
I saw your profile picture before, but as a gif.
last ether
Yeh
idle harness
@green axle gg?
green axle
<@!754004458085679266> gg?
Hmmm
green axle
<@!754004458085679266> gg?
What
green axle
thought u left
No i'm still here
idle harness
get king π ?
green axle
I can no longer since you gave him all the permits, but I still took away the position of king
π¬
idle harness
;-;
green axle
How did you manage to stop my process?
idle harness
gg
dapper yew
Koth on fire nowdays π
fair adder
helo π£
https://tryhackme.com/games/koth/join/9fd4c6e761ac5517d30f8d47 anyone up for a game π£
quaint patrol
https://tryhackme.com/games/koth/join/c44b2519f64b0a5b0591d406
Come over to the KOTH voice channel to chat as we hack π
candid geode
How do I get ssh to start working again?
Someone in my game may have terminated the ssh service and I can't get it to working.
Ah, no wonder it wasn't working.
nova tide
Ah, no wonder it wasn't working.
game id?
candid geode
nova tide
can you see who else is in the machine? their ip.
also screen shot for that cat killssh.sh file if possible.
use w to see their ip
candid geode
I have their ip, but I can't find the killssh.sh.
It isn't in /var/src
They do have a lot of scripts in /var/src.
nova tide
find / -name killssh.sh 2>/dev/null
candid geode
``find / -name killssh.sh 2>/dev/null``
I'll try that.
nova tide
dm me their ip as well, screenshot if possible.
nova tide
I'll try that.
DM me the machine ip, i can try to check.
nova tide
rip
nova tide
well i didn't patch anything after getting in anyways
nova tide
changed back the password for fortuna to the one you find in creds just in case if you had changed it
dapper yew
@graceful breach you can ask it here , people are helpful π
fair adder
yo
can i report i player for reseting the machine without reason?
its not broken or anything but he keeps reseting it because i get root first
nova tide
can i report i player for reseting the machine without reason?
Not really against the rules.
fair adder
rule 10 doesnt apply to this?
nova tide
π€·ββοΈ
fair adder
glacial void
hello, any tips on offline windows machine?
dapper yew
Hint : ||its all metasploit ||
glacial void
i'm curious how much koth is the same as real life hacking
quiet schooner
Not really similar
Seeing as people won't be hacking the same stuff to try and boot you out at every turn
fair adder
and run nyancat on your tty
fair adder
ok reseting the machine without reason isnt against the rules, but this is getting so annoying...
winged charm
ok reseting the machine without reason isnt against the rules, but this is getti...
if it is being abused it is actually against the rules and I suggest you report it here to the koth-staff or send an email to koth@tryhackme.com
terse willow
(Naughty said otherwise above, but I'm inclined to agree with you on this one Cry)
winged charm
Im just going off the rules but I really dont have any say here as Im no longer a staff member
graceful breach
<@!780400901553782824> you can ask it here , people are helpful π
π
Hellow guys , anyone knows how to execute our name to king.txt continously
graceful breach
you can use loops
thanks π
fair adder
may i dm you? @graceful breach
ebon heron
(^v^)
graceful breach
may i dm you? <@!780400901553782824>
sure
urban vortex
@fair adder u wanna split the king XD
urban vortex
im not getting any points while king ?
graceful breach
im not getting any points while king ?
u are getting points if u becOme king
urban vortex
π¦
urban vortex
ill get that first win oneday
fair adder
π£ you never won?
urban vortex
did u write a script to keep changing king.txt ?
urban vortex
oh
fair adder
because im a complete newbie on windows
urban vortex
i tried changing it couple times i thought u wrote a script for a moment XD
fair adder
lets hope for a linux machine
urban vortex
wait i have a question
did u get kicked out of ur session ?
previous ctf
coz i was trying something
fair adder
yes
urban vortex
yeah i saw them both
fair adder
how did you do that?
urban vortex
open task manager
users
u can see everyone connected to the pc
u can rightclick and signout
fair adder
k
i dont understand why it showed "youre not part of admins group" everytime before it kicked me out tho
urban vortex
idk
i tried deleting ur user so when u use rdp it doesnt work
i also dont know if that worked
fair adder
administrator?
urban vortex
no i hide it
fair adder
hm
urban vortex
wait are u sure u deleted mine ?
because everytime i go to users to check for new ones
mine was still there
fair adder
i ran net user juba /delete
and net user juba after
and it showed no user with that name
or smth like that
fair adder
lol
urban vortex
but u still can delete it
urban vortex
i want to get better at shells but the room is very boring
not much activity more reading
fair adder
im not subscribed ;s
terse willow
@urban vortex not gonna get very far in this industry if you can't sit down and digest information, I'm afraid
urban vortex
i agree, its a habit that can be developed
fair adder
i personally love to just read stuff
but feel the need to put it to practice after
@urban vortex good luck
urban vortex
u2 my friend
finite garden
Hello guys is this legal?
[shrek@shrek ~]$ Connection to 10.10.246.114 closed by remote host.
Connection to 10.10.246.114 closed.
Guy just shuts down 22 port.
urban vortex
its okay to change port but not close it
urban vortex
im playing with you too did you check if he changed it to another port ?
@finite garden its open
finite garden
<@!584090729551364106> its open
yes Yes now π When he make 325 points and he is king for 20min
ofc he will open π
and its closed again π
finite garden
im playing with you too did you check if he changed it to another port ?
PORT STATE SERVICE REASON
3306/tcp open mysql syn-ack ttl 63
8009/tcp open ajp13 syn-ack ttl 63
8080/tcp open http-proxy syn-ack ttl 63
9999/tcp open abyss syn-ack ttl 63
65432/tcp closed unknown reset ttl 63
urban vortex
finite garden
Its ok π
Some people dont want to have fun playing koth π
i wont be lazy to report him π
fair adder
yo anyone? https://tryhackme.com/games/koth/join/1054b342ae62720bd7019fcf 4 min
fair adder
stiff egret
i wont be lazy to report him π
Check pins, you'll see a msg for how to report info.
finite garden
Check pins, you'll see a msg for how to report info.
Thanks i already did it π
stiff egret
Also, sometimes, some players shift the ssh to a v. higher port, like, 60000 or something.
finite garden
Also, sometimes, some players shift the ssh to a v. higher port, like, 60000 or ...
Yes i know π but sometimes they just shut it down D: hahah
stiff egret
True that. Hence the report option.
ebon heron
PORT STATE SERVICE REASON
3306/tcp open mysql syn-ack ttl 63
80...
big chance its the last port that random one but its close
finite garden
big chance its the last port that random one but its close
i try but its not
ebon heron
cuz its close
finite garden
cuz its close
Yes π so thats illegal stuff to doing on koth and i report that guy
fair adder
https://tryhackme.com/games/koth/join/39688cc9dbac5ee39321c8da anyone? starting in 2 min
fair adder
https://tryhackme.com/games/koth/join/1e560aff81d05b89c85d64ef starting in 8 min π£
fair adder
https://tryhackme.com/games/koth/join/79901ad13fb824720fbb3477 starts in 2 min π£
come play π π£
nvm its h1:medium
candid geode
https://tryhackme.com/games/koth/join/087f6222795a32726b9885c1
I finally have time to play again.
last ether
Voice chat?
Does running tmux on zsh make it crash on Kali?
Cause it just logged me out of my system π
Anybody else face this issue?
cerulean maple
Nope
candid geode
And that just cost me this game
Are you the one logging in with Bobba?
last ether
Are you the one logging in with Bobba?
I cant even ping the machine
candid geode
10.10.237.81, it is up and running.
candid geode
last ether
nova tide
You forgot to blue the ip in other lines π
last ether
You forgot to blue the ip in other lines π
I was only blurring my ip
π€£
I know I am connected to the THM network because tun0ip gives me my ip address
fair adder
yo anyone up for a game? https://tryhackme.com/games/koth/join/5374f358889434a03e918797
last ether
https://tryhackme.com/games/koth/20285
This game was terrible for me. Needed to enumerate the box again π. But these days everyone gets king in the blink of an eye π€
last ether
yo anyone up for a game? https://tryhackme.com/games/koth/join/5374f358889434a03...
How long?
fair adder
15 min
fair adder
π π£
fair adder
yo anyone up for a game? https://tryhackme.com/games/koth/join/5374f358889434a03...
5 min to start π join pls π£
nice
i forget about the vpn once again
koth was kinda dead yesterday
i missed killing shells π
candid geode
but why do i always forget the vpn
What do you mean by forgetting the vpn?
fair adder
i forget to connect to the thm network
and i take a while to realize that
so i have a late start
harsh obsidian
Oh I've been there!
candid geode
Does it like automatically disconnect over time?
ebon heron
i forget to connect to the thm network
you always do it π€£
fair adder
Does it like automatically disconnect over time?
i reboot quite often tbh
my hardware is far from being good
lol
candid geode
i reboot quite often tbh
Oh, reboot. That makes sense.
ebon heron
π₯
candid geode
Players keep resetting the machine in my game. What should I do?
nova tide
send invite link here, i join so they might need more votes to reset
last ether
Someone is using this!
dapper yew
no wonder what people can do just to win .
stiff egret
As I said, please post the outputs of bothw and ps aux|grep ssh in one screenshot
That way I can confirm who is breaking the rules
dapper yew
@last ether maybe remove that script so that it doesnt pass on
stiff egret
The user is Kalighost404
@nova tide ^
candid geode
The user is Kalighost404
KaliGhost always plays dirty. He was the one script-killing my space jam shells last time.
ebon heron
some people are playing to have fun other to kill shells.
nova tide
The user is Kalighost404
Looking into it π
fair adder
afk in koth lol
candid geode
I found kalighost and his scripts again.
Hell, I managed to take him out before he got the time to run all of these.
killssh.sh just kills all ssh shells.
stiff egret
Anyone who wants to report someone, for running malicious script, please follow this:
-- w ; ps aux | grep <the script name you think is malicious>
So we can identify who is running the script.
In this case,
w ; ps aux | grep killssh
candid geode
I waited for him to run his scripts, but he didn't this time.
last ether
In this case,
`w ; ps aux | grep killssh`
Sometimes the w doesn't give any results
candid geode
I do have the source code of the scripts, in which he has his ip and username.
last ether
I do have the source code of the scripts, in which he has his ip and username.
Me too π
stiff egret
Sometimes the w doesn't give any results
In those scenarios, it's really hard to identify without involving logs.
In that case, report whatever you get to the email provided in pins.
last ether
Hmm ok
candid geode
I got this:
fair adder
okay lets do this before blackmetal wakes up
fair adder
https://tryhackme.com/games/koth/join/8cafbc31ca637fdd187c8c46 @fair adder @hazy zodiac
candid geode
I always do:
ps -eaf --forest
stiff egret
I got this:
the problem in that screenshot is that I cannot verify the pts from that screenshot on which the script was running.
gusty cradle
10.4.23.250
fair adder
lets play
stiff egret
Yeah, f is shorthand for --forest
fair adder
how do i make a gif my pfp
stiff egret
`10.4.23.250`
can't be certain
fair adder
come faster it starts in 2:30 min
stiff egret
how do i make a gif my pfp
on thm or discord?
hazy zodiac
aye
fair adder
on thm or discord?
thm
hazy zodiac
les go
candid geode
the problem in that screenshot is that I cannot verify the pts from that screens...
Yeah, but I will have to play another game with him, because this one has ended.
gusty cradle
You could once, but it was removed
fair adder
I don't know if you can anymore, it was once a bug.
i used it Β―_(γ)_/Β―
candid geode
Yeah, but I will have to play another game with him, because this one has ended.
I also can't play today anymore, I got work to do.
stiff egret
been so long I've played.
gusty cradle
Which box are you doing? π
fair adder
shrek
gusty cradle
Ahh I think I have flags stored somewhere
fair adder
Ahh I think I have flags stored somewhere <:kekw:658061932577816606>
heyyyyy π
remmeber that one time i gave you chips
it's not fair chuin is 0xD
hazy zodiac
me n00b
hazy zodiac
lets go
fair adder
im scared for some reaosn π€£
don't forget to connect to openvpn
what how do i start
okay let me do that
okay what now
stiff egret
Scan the IP
enumerate for vulns
things that you do for regular boxes.
Bonus: Give the pinned article a read.
fair adder
okay thank you so much
fair adder
gosh this has to be easy
hazy zodiac
ikr
stiff egret
You can login using ssh via multiple ways
if you have the ssh key, you can use something like:
ssh -i sshkey username@IP
make sure you change key's permissions beforehand,
chmod 600 sshkey
If you are new to this, I'd suggest do give some easy/medium rooms a try once.
stiff egret
stiff egret
i did ssh -i id_rsa shrek@1.1.1.1
yeah, that's correct
fair adder
someone closed my connection
is that a thing?
yes
it was chuin
okay that is so cool
i know he did it to me, but thats really cool
stiff egret
Yeah, this is a defense/attack game, people get in first, they patch, if someone has a shell, they kill the process ID.
stiff egret
Watch videos of John Hammond on KoTH.
He made some awesome content on YT
streamed a lot 5-6 months back if I am correct
fair adder
bet thank you.
frick i cant get ssh
same bruh
he's good at this
imma exploit it
fair adder
i hope my patch work
your good at this
u son of a
can you go against @fair adder ? chuin
imma exploit it u son of a
chuin
fair adder
IM STUPIDEST PERSON EVER
fair adder
almost
hazy zodiac
i only patched 2 stuff
stiff egret
Watch it
fair adder
i cant upload reverse shell
stiff egret
Keep it PG13.
fair adder
oh sorry
fair adder
yes
hazy zodiac
then why u havent got shell yet lol
hazy zodiac
ok imma go sleep
fair adder
im giving up
fair adder
can you go against <@456226577798135808> ? chuin
wat
fair adder
wat
can you go against @hazy zodiac in koth i wanna watch and see wh owins
ok
send location
smesh
me smesh chuinzer
LMAO
stiff egret
Private/Public?
harsh obsidian
Has anyone, in the history of Panda, managed to find all eight flags. I've got seven but for the love of life, the universe, and everything I can't find the eight daggone flag....
I'm starting to doubt it exists....
nova tide
I got 7 as well but haven't tried to look for 8th.
fair adder
who stole the 8th flag
harsh obsidian
I got 7 as well but haven't tried to look for 8th.
Oh, I've been looking for that eighth. It feels like looking for the lost city of Atlantis
candid geode
Oh, I've been looking for that eighth. It feels like looking for the lost city o...
It is probably hidden deep inside the /dev/urandom file.
harsh obsidian
It is probably hidden deep inside the /dev/urandom file.
lmfao