you only learn by trying
#koth
wind fjord
somber marsh
alright, why not
how does it work, btw, do I need an attackbox, my kali VM or is it another thing entirely
wind fjord
how does it work, btw, do I need an attackbox, my kali VM or is it another thing...
just like any other box on thm as far as I'm aware
so whatever you normally use
fair adder
i like using my own kali machine π
wind fjord
are you guys willing to wait the 20 mins?
you could probably end this and set up a new room to start in 10 mins?
idk
fair adder
you could probably end this and set up a new room to start in 10 mins?
okay sending now
Don't forget to leave the other game @
5 mins!
get your machines ready!!! wahooo XDD
I found the freaking flag but not sure how to decode it!!!!
i already tried base64
somber marsh
yep, one sec
fair adder
how did you decode it?
somber marsh
quiet schooner
Let's not post most of the flag though, Roki
fair adder
it's double encoded
Dude you found the second flag???
fair adder
yeah, logged in through SSH
i'm using metasploit to log into the apache server
not working out for me
somber marsh
I didn't think of trying that
fair adder
i don't think it works
somber marsh
happy to hint at what I did if you want
fair adder
happy to hint at what I did if you want
Yes please !
after the game if you will ?
i'm still trying to figure out how to freaking bruteforce the loging directory
and/or ssh into the apache server
somber marsh
I've taken some some basic notes so I can recap
I don't think one can ssh into a server?
wind fjord
are all of the flags encrypted???
fair adder
I'm so jealous π¦
somber marsh
no idea how to do that or to even find out that there is a shell
somber marsh
oh, there's a guide
fair adder
but hey i found a flag !! maybe two
somber marsh
awesome
wind fjord
very close game
somber marsh
you blocked echo, huh?
wind fjord
no
somber marsh
good game tho, a minute longer and you'd have it with the 5 flags I would think
wind fjord
yeah yeah
wind fjord
good on you for at least finding one flag
somber marsh
this was nerve-wracking π
fair adder
So
somber marsh
where is the 5th flag tho
wind fjord
There were 6 on the box I think
fair adder
how the f*** did guys root?
what methods did you use??
i was trying to use the metasploit /tomcat/upload bypass
and it didn't work?
somber marsh
I just typed sudo -l and it showed me what I can run as sudo
I brute-forced shifu's password with hydra
found other credentials too, but those didn't get me anywhere
fair adder
I brute-forced shifu's password with hydra
i saw the hint !!
shifu eats noodles lmao
that was the username huh ???
somber marsh
yeah, along with po, which I found with wpscan
wind fjord
I also used wordpress to get in
fair adder
see i was close
somber marsh
no, hydra gave another password
somber marsh
yeah, found those two with gobuster, and then ran wpscan to find credentials
fair adder
Then i found this
wind fjord
I bruteforced po's password on the wordpress site, then gave myself a reverse shell using the plugins
fair adder
did anyone do anything with this? if so waht did you guys end up exploiting on ?
somber marsh
ooh that's cool
fair adder
I bruteforced po's password on the wordpress site, then gave myself a reverse sh...
That is very cool
somber marsh
I got po's password too, but I didn't find where to log in
wind fjord
it's almost always /path/wp-login.php
fair adder
it's almost always /path/wp-login.php
yes i found this
somber marsh
oooh
fair adder
but some reason it wouldn't let me acces it
somber marsh
I didn't, I killed the gobuster scan early by accident and didn't bother with it again
wind fjord
the dns wasn't configured correctly, so you needed to add it to your /etc/hosts
I learned that one from the wreath network, and I was able to access the full website
fair adder
the dns wasn't configured correctly, so you needed to add it to your /etc/hosts
what you mean overwrite the sub domains
somber marsh
oh, I thought it was fine since I could open the site in the first place
fair adder
you mean like this echo "10.10.92.30 overwrite.uploadvulns.thm shell.uploadvulns.thm java.uploadvulns.thm annex.uploadvulns.thm magic.uploadvulns.thm jewel.uploadvulns.thm" | sudo tee -a /etc/hosts
wind fjord
that's one way of doing it yeah
somber marsh
that's one way of doing it yeah
what did you do btw, echo stopped working for me and i couldn't put my name in king.txt, vim worked, but I have no idea how to use it, so I couldn't save
wind fjord
echo was working fine for me
fair adder
what did you do btw, echo stopped working for me and i couldn't put my name in k...
so that's how it works?
you need to put your name inside the king.txt?
somber marsh
yep
fair adder
that is sickkk
somber marsh
echo "name" > king.txt
fair adder
LOL
somber marsh
but it didn't work after a point
wind fjord
I just ran a loop as a background job to echo my name into the file every 0.1 seconds
fair adder
I just ran a loop as a background job to echo my name into the file every 0.1 se...
what the flying fuck
wind fjord
I don't know bash scripting that well, I just saw John Hammond do it once and I literally opened up the video I saw him do it in for the syntax
fair adder
dude we were playing with freaking thanos
somber marsh
that's super cool
somber marsh
I know some python and kotlin, but not enough to do anything with it
fair adder
so how would i have been able to kill that loop?
wind fjord
jobs should give you a list of background jobs that are running
fair adder
it's clearly a service/process running no?
fair adder
`jobs` should give you a list of background jobs that are running
ohhh okay
so something like pkill or killall
somber marsh
didn't even occur to me
wind fjord
pretty much
wind fjord
didn't even occur to me
that was like the one trick I had going into this lol
fair adder
very nice
somber marsh
the best trick of us all
fair adder
you went in
wind fjord
balancing patching, persistence, and looking for flags is so hard
I kept killing your shells because I literally had no idea what else to do lol
fair adder
balancing patching, persistence, and looking for flags is so hard
multi tasking at it's finest
LOL
somber marsh
I got like a few flags with just one command as root
wind fjord
I had no clue where else you guys were getting in
wind fjord
I got like a few flags with just one command as root
yep
fair adder
how would u do this ??
wind fjord
that's in the guide
somber marsh
find / -name flag.txt
somber marsh
there were none
wind fjord
find / -name flag.txt
did you remove chattr when you got root or was that just not on the box?
somber marsh
I thought that was when looking for suid files
wind fjord
there were none
if you're not root, i mean
fair adder
i also wanted to use metasploit since it hides me from you guys even more
it doesnt' include that python3 importty
somber marsh
it wasn't on the box, I tried the trick after you send the guide for persistence
wind fjord
ah
fair adder
when you guys do the ps -aef --forest you can see what the attacker did
but clearly i wasn't able to root so i coudln't do this
somber marsh
I don't know what that is π
wind fjord
i also wanted to use metasploit since it hides me from you guys even more
metasploit kinda slow considering how these boxes are made
somber marsh
I think you maybe jumped the gun with metasploit, yeah, the way I got in was super simple
I was surprised
fair adder
I don't know what that is π
if you ran ps -aef --forest you could of seen the background/service of that loop An00b did and killed it
wind fjord
that's neat
somber marsh
I'm taking notes π
wind fjord
Guess I'm playing this a lot more now
somber marsh
saaame
fair adder
4:44
wind fjord
I felt so slow getting in though that I feel if anyone that was actually good at this would crush me
somber marsh
oh yeah, I would definitely be crushed too
fair adder
I felt so slow getting in though that I feel if anyone that was actually good at...
same ! i thought everything was going to crash on me like last time
thankfully it was pretty fast this time
somber marsh
better to try and stick around people our level
fair adder
i'm reading that now on the koth guid π
wind fjord
there's also a room for it on tryhackme
wind fjord
uses Rust instead of whatever nmap does
wind fjord
rustscan builds on nmap, so it's not an entirely different thing
fair adder
whew
somber marsh
I'll make sure to install it and do the room
wonder if there was anything one could do with those samba shares
fair adder
wonder if there was anything one could do with those samba shares
i think there is an smb exploit
wind fjord
I was trying to, but I couldn't figure out what was going on with that binary
fair adder
using metasploit
somber marsh
I tried too, but I've only done something with it once or twice
I think enum4linux and some nmap scripts can deal with that
fair adder
nmap can be used at a very high potential i haven't really unlocked yet
nmap cookbook is a book on my list
wind fjord
It was kind of funny finding things that I knew could be exploited, I just didn't know how to do them
somber marsh
same, really π I know it can be done, just definitely not how
fair adder
there were like only 1 or two vectors i seen after running nmap
then 2 more when i ran gobuster
wind fjord
like the /cgi-bin/ directory defo had something to it
I've just never done something with that
fair adder
like the /cgi-bin/ directory defo had something to it
did you find this with nikto?
wind fjord
found it with gobuster
somber marsh
I forgot to try nikto
wind fjord
I almost never use nikto, and I don't know if that's good or bad
It's just slooooooow
somber marsh
I had some time to chill and try stuff before you got in and looped me away
somber marsh
see ya
somber marsh
let's play again sometime !!!
let's!
somber marsh
I'd try and play more often now that I have finally seen what it's like
somber marsh
I'm likely to be here, you can ping me
fair adder
i'm going to freshin up on my skills and finish reading this blog then go to store to get some groceries !!
fair adder
I'm likely to be here, you can ping me
Thank you, i will ping !
sour vectorBOT
Gave +1 Rep to @somber marsh
somber marsh
great!
wind fjord
It wasnβt chattr, just a loop written in bash
fair adder
It wasnβt chattr, just a loop written in bash
but this was done to the root/king.txt file no?
wind fjord
Yeah, I would give you the one liner, but I honestly think itβs to your benefit to learn bash scripting, so the pseudo code is
while(true)
echo <name> > /root/king.txt
sleep(0.1)
Wow man
Thank you @wind fjord
fair adder
Yeah, I would give you the one liner, but I honestly think itβs to your benefit ...
UGh i got so much too learn!!!!
wind fjord
chattr just changes permissions, in a sense, so putting that in a loop wouldnβt really help as much as other things would, especially when that binary is one that gets manipulated a lot
wind fjord
Thank you <@!388760551947239424>
Np, just programming fundamentals
Note that you still need to go out and translate what I wrote into the syntax for bash
Because what I wrote will not work verbatim
fair adder
Because what I wrote will not work verbatim
good to note thank you!.
sour vectorBOT
Gave +1 Rep to @wind fjord
somber marsh
Because what I wrote will not work verbatim
thank you, I think I figured it out
sour vectorBOT
Gave +1 Rep to @wind fjord
fair adder
Are you guys ready for another koth game lol?
somber marsh
I am, just don't pick windows π
somber marsh
probably
lavish rain
Hey, anyone for koth?
latent osprey
I was doing koth and one person delete chattr binary now how can I get it again?
I tried getting it from my own pc but it is getting error
stiff egret
- Read the blog in pins
- You can download static chattr binary and use it.
latent osprey
Thanks
stiff egret
yes
frail ridge
Ok, nice
stiff egret
this is gonna be taken up for controversies, but
yes
stiff egret
- You know there are other ways to get a shell?
- You know you can noprofile your way in the box to not let bashrc load
- You do realise that validating tricks here will essentially make them public knowledge and mostly useless bc everyone will know?
frail ridge
well, i delete them π
latent osprey
1. You know there are other ways to get a shell?
2. You know you can noprofile y...
So how can we learn all these things? Then
stiff egret
Read the blog in pins
watch John Hammond videos
watch Optional's videos
Try the tricks on public/generally released KoTH machines, like food and hackers.
latent osprey
Hmm! I will definitely do this thanks ππ
sour zealot
very excited to see some more boxes
sour zealot
@lilac basin why you always nyancat
lilac basin
only one time
nova tide
*new KoTH boxes soonβ’οΈ*
Stop giving out spoilers
lilac basin
the moment of true @nova tide
fair adder
koth game anyone?
nova tide
starting in 10 minutes:
https://tryhackme.com/games/koth/join/e945bd4bb1ccb06a573f66ef
fair adder
Ayooo is the machine up ??
okay this machine is explicitly complicated
only 2 ports to work with and gobuster aint returning squat
nova tide
only 2 ports to work with and gobuster aint returning squat
use -p-
fair adder
use -p-
I ran this command now map -F -sC -sV -T4 -sU 10.10.68.56
i didn't even include the -p-
nova tide
that checks 1000 ports
fair adder
oh crap
nova tide
lol who reset the box??
fair adder
not I
i was wondering the same
i had to redo my entire nmap
and recon
i found these pages which i thought was funny
nova tide
Well too much for playing two games at a time i guess π
fair adder
nova tide
didn't knew when it got reset.. and someone was continuously killing my shell π
fair adder
I think that was non1mous
i saw he was admin when i went over to the 9999/admin page
Nobody submitted a flag lol
i was trying to get the flags
wind fjord
anybody want to play rn?
somber marsh
I'd play yeah
somber marsh
perfect
wind fjord
this is a weird box
somber marsh
yeah, I've almost exhausted everything I can think of
I think something finally worked, hmm
somber marsh
it's literally my second game π
wind fjord
same
somber marsh
i still don't know how to kill shells
blazing bane
shells on client or server?
fair adder
i still don't know how to kill shells
How did you manage to get shell?
nova tide
i still don't know how to kill shells
ps aux | grep pts
kil -9 <pid>
somber marsh
nothing more I can do in this game
somber marsh
``ps aux | grep pts``
``kil -9 <pid>``
thank you
sour vectorBOT
Gave +1 Rep to @nova tide
somber marsh
How did you manage to get shell?
found some weird output in the scan that looked like a hash to me, turned out it's base64 encoded with credentials
wind fjord
that is also how I got in
somber marsh
couldn't find any other way
blazing bane
welcome to the world of enumeration
somber marsh
gotta research how to bypass whatever you did to the king.txt
fair adder
Wow
wind fjord
There were a couple of other ways I found, but using those credentials was the easiest way
fair adder
I need upgrade my nmap skillz
wind fjord
There was lfi and a nfs share, I was just struggling to use them the way I wanted
somber marsh
I switched to rustscan as per advice here and in the guide
scanned all ports in seconds
yeah I found the mounted share, but didn't really know what to do with it
wind fjord
For some reason showmount just wasn't working? I haven't exploited/read enough nfs-stuff to know where to go
I was able to patch 1 vulnerability, which is better than last time, so I'm happy with myself
somber marsh
I do not know how to patch things so π
I have the basics down, so I can probably get in, get root and then I'm lost
wind fjord
gotta research how to bypass whatever you did to the king.txt
I know you did something with chattr, so I removed the bits that you used and then hid the chattr binary
somber marsh
so I would either have to find it or upload my own?
wind fjord
yep
wind fjord
I have the basics down, so I can probably get in, get root and then I'm lost
best place to start (after finding a way to persist) is to close up how you got in
although I couldn't find how to close up the port I used
somber marsh
I believe we're allowed to change passwords, but I feel like that would be kinda mean especially when we're not super experienced
I tried to change root's password so I can log in directly but I screwed that up somehow
wind fjord
I believe we're allowed to change passwords, but I feel like that would be kinda...
I'd say it's fair considering there's always 3+ ways to get in
somber marsh
considering I found only one, I'd have been locked out π
wind fjord
fair enough
still have no idea what that first page did, never got around to looking at the php code
somber marsh
didn't see anything there
found another page with an image, but steghide wanted a passphrase
wind fjord
yep
blazing bane
in the mantra of offensive security, try harder
wind fjord
o7
somber marsh
I would, but there are huge gaps in my knowledge, started with this only 2 weeks ago
blazing bane
well... you're passing everyone that didn't start. so keep pushing my friend
somber marsh
well... you're passing everyone that didn't start. so keep pushing my friend
thank you, I will, trying to do and learn something every single day
sour vectorBOT
Gave +1 Rep to @blazing bane
frail ridge
``ps aux | grep pts``
``kil -9 <pid>``
i have seen shells that doesnt have pts
nova tide
i have seen shells that doesnt have pts
you gonna kill the shell with pid anyways.
cold token
How to report someone in koth guys??
errant marten
How to report someone in koth guys??
If you suspect a player of cheating or rule-breaking, email koth@tryhackme.com with the game id (shown in url) and players username if possible. We can investigate..
cold token
Hey if player g0dmax55 here i would like to say ur a dirty player and i already reported u to koth@tryhackme.com good luck in cheating again
tidal juniper
@cold token what kind of action did he do?
frail ridge
we have seen some players scanning other users
fair adder
we have seen some players scanning other users
Wasn't that reported by blackmetvl
cold token
@tidal juniper he waited the king file to give him more 10 points so now he got more points and kept resting the machine every second so its impossible to connect to it again no ssh no ftp nothing at all and this is considered as a dirty cheating and unacceptable
fair adder
<@300479473239982092> he waited the king file to give him more 10 points so now ...
Number of players playing that game?
cold token
Its only me and him thats why he can always reset it
fair adder
Yup then it's a reportable thing
Dw support staff is too nice... they'll take the proper decision if any rule is offended
cold token
I just sent an email i think thats enough
stiff egret
Please send an email to the koth@tryhackme.com with relevant screenshots and information.
cold token
@stiff egret i did but without screenshots
@stiff egret all informations needed was sent today
stiff egret
NP, Please send screenshots afterwards, that shouldn't be an issue, Add game ID/link, the player you think was cheating, why you think they were cheating.
Stuff like that. Not limited to, that's just an example
cold token
@stiff egret info sent was
Game id
Player's username
Report reason
I didn't send a screenshot cause it wont be useful at all to see the ip it will look normal
stiff egret
Alright, great, someone will reach out to you or some action will be taken.
fair adder
Holmes can I dm?π¬
stiff egret
Sure, though my replies can be a bit delayed :)
sour zealot
cold token
@sour zealot dude what the h3ck lmao i thought it ended and opened it from my phone now it counts that i lost the gameππ
shadow pivot
somber marsh
when does it start
sour zealot
somber marsh
definitely got stuck on the previous one
isn't there supposed to be a flag in the flag directory at least
sour zealot
idk but I get it because space-jam has like 2 ways to get in I think.
somber marsh
no idea, but I couldn't do anything
any room that would help me understand what the way is there?
somber marsh
https://tryhackme.com/room/kothfoodctf
https://tryhackme.com/room/kothhackers
thanks, I'll definitely practice those
sour vectorBOT
Gave +1 Rep to @wind furnace
wind furnace
Happy hacking
somber marsh
I guess I got really lucky the first two times I played with simple machines
ashen parrot
Any beginner interested in playing koth with me for practice
north stag
@ashen parrot still up?
ashen parrot
Yes
fair adder
@nova tide can i talk to you in dms?
nova tide
<@!267010557889085440> can i talk to you in dms?
Sure
ashen parrot
Any beginner interested in playing koth with me for practice
fair adder
@ashen parrot ye
fair adder
<@!836816960499089449>
go easy
have you ever beat naughty @fair adder @fair adder
no
im too slow
go easy
i only have time for one hackthebox machine a week
im too rusty now
are you a skid now
yes
it will be windows machine
?
what
why reset
i didnt vote but my reverse shell wasn't working so i rage quit
:))))
wind fjord
another reset?
cold token
@fair adder @wind fjord the machine broken or what??
All the shells are deleted in a second
fair adder
i am deleting them
wind fjord
I just assumed someone patched the file upload
fair adder
:))
wind fjord
yep
fair adder
<@456226577798135808> <@388760551947239424> the machine broken or what??
i left
cold token
i am deleting them
But the first time u didnt have time to
fair adder
idk if blackmetal patched it in the VERY beggining but reverse shell upload didnt work
it was like 3 min in
cold token
Yea exactly
fair adder
so i don't think he patched it at the time
box was just plain broken
anyway idk why reset the machine tho
there are other ways in
there's another file upload
in another port
thats what i did
||port 83||
cold token
@fair adder we thought it was broken thats it
cold token
@fair adder idk this machine so gg anyways
fair adder
yeah this is the one machine i can't do
fair adder
i love this one
nova tide
i will stop the loop
why would you want to just kill all shells in loop?
how that would be blue teaming?
nova tide
deleting files != patching....
fair adder
nova tide
Please refrain from doing that in the future.
You can simply just edit the code.
deleting files from the webserver would be the same as making that service unavailable.
nova tide
That you can do.
fair adder
sorry for being unclear :)))
fair adder
no
fair adder
evan plays koth
@fair adder come play koth with dop4
please?
OH MY GOD
what do i pay you for
nova tide
any body play koth
if you are still looking for someone to play with i can join in π
olive fiber
Hello
terse willow
if you are still looking for someone to play with i can join in π
Stop terrorising people smh
sour zealot
nova tide
Stop terrorising people smh
But i just wanted to play ππ
fair adder
fair adder
https://tryhackme.com/games/koth/join/8f84c8d936e150e7828a3ea6 2 min
@fair adder
i surrender
pls stop
sour zealot
sour zealot
primal scaffold
Wish i knew how to play koth
sour zealot
Wish i knew how to play koth
fair adder
zealous wolf
fair adder
https://tryhackme.com/games/koth/join/142857039a3ac845202a1294 2 min
@fair adder
fair adder
im sad
tried to go for blood on the new htb machine but had problems with the vpn for almost 10 minutes
ended up 64th
@fair adder your fault
fair adder
<@456226577798135808> your fault
yeah i actually have root access to your vpn
i kicked you off a lot
i knewu it
wind fjord
No that's allowed
lone cobalt
i dont know much
wind fjord
If I wrote a script to always throw that on you, maybe then it's illegal
But I didn't
I will tell you now, no cap, I did not camp and try to keep springing it on you
lone cobalt
Well i shud say, you shud focus on defense and not trashing shells of ppl.
I just made my shell give me revshell every 10 sec, so you're actually doing good by not making my shell die.
wind fjord
I was
lone cobalt
So if you trash my one shell, i get another
wind fjord
I was trying to patch the file upload vulnerability, and I removed the private key that was just out there
lone cobalt
Focus on patching up things.
lone cobalt
I was trying to patch the file upload vulnerability, and I removed the private k...
actually you didn't it worked till the end.π
wind fjord
you see the key word is tried
wind fjord
I was going to do that, but nano wasn't on the box, and neither was busybox, so I was trying to learn vim to fix the file upload, then take care of the ssh stuff
lone cobalt
So as you already knew, i got with user || shrek ||, Hence, I didn't use the file upload vulnerability
his || private keys ||were hanging in random file.
wind fjord
yeah
I get that I probably should have regened the ssh keys and then taken care of the file upload.
lone cobalt
yeah it would have fixed everything.
wind fjord
I just wanted to patch the file upload first for learning purposes, but I understand your point
lone cobalt
I was trying for the kernel exploit.. I don't know why it didn't work
lone cobalt
I just wanted to patch the file upload first for learning purposes, but I unders...
Nonetheless , well played.
wind fjord
well played to you too
The wall would have gotten me had I not known how to deal with that
inland harness
Can I play King of the hill without being level 9?
nova tide
Can I play King of the hill without being level 9?
You can even play at level 1. The least thing you need is to set your experience level to intermediate/advanced in your profile.
inland harness
Ok, thanks
nova tide
good luck, have fun.
visual beacon
That's pretty cool π
zealous wolf
terse willow
Focus on patching up things.
You say that, but honestly, I'd be quite happy throwing that at an attacker IRL π
wind fjord
Hitting someone with a nyancat in koth does feel very good
fair adder
ok
π£
@wind fjord i use arch
@wind fjord u want to play without killing shells?
wind fjord
sure
fair adder
ok
wind fjord
nyancat allowed or no?
fair adder
thats ok
wind fjord
cool
wind fjord
rip
wind fjord
I just got in the box
fair adder
ok
wind fjord
really sorry to do this, but something just came up so I'm going to have to leave the game
gg though, you did nice for not having hydra at first
fair adder
gg
wind fjord
alacritty is acting abikt weird
Whatβs alacritty btw?
wind fjord
Neat
fair adder
@fair adder
rocky viper
primal scaffold
nyancat allowed or no?
what is nyancat ?
primal scaffold
https://tenor.com/view/nyan-cat-rainbow-cat-kitten-kitty-gif-5716621
I mean is there a tool called nyancat
primal scaffold
https://github.com/klange/nyancat
but thats just a meme tool how is it useful in koth ?
sour zealot
upload nyancat on the target and you can do something like ./nyancat > /dev/pts/<number>
Add & to run it in the background
It is usefull because it basically kills there shell but in a fun way.
sour vectorBOT
Gave +1 Rep to @sour zealot
golden oracle
hi, simple question, when a new koth is released the first person to finish it gets more points? like for being the first one?
golden oracle
oh sorry, i mean CTF? like the new "Thats the ticket"
quiet schooner
Well, this channel is for KoTH.
New challenge rooms will usually have blood points enabled. That's an extra 50 points per question for the first person to answer it.
golden oracle
Well, this channel is for KoTH.
New challenge rooms will usually have blood poin...
yep, i messed up the categories, thought it was koth π .
golden oracle
Well, this channel is for KoTH.
New challenge rooms will usually have blood poin...
also Thanks!
sour vectorBOT
Gave +1 Rep to @quiet schooner
eternal aurora
fair adder
https://tryhackme.com/games/koth/join/6083ed055aa00960cc71e4c8
@short tusk this is the link and then my username is β0xEvanβ
lilac basin
<@!270975958511517697> this is the link and then my username is β0xEvanβ
U canβt join in a game that is already finished
fair adder
U canβt join in a game that is already finished
look at #site-bugs
i was just showing jabba the game link because he asked for it
short tusk
I need the game link, not the join link :p
fair adder
how do i find that
stiff egret
Yes?
The link with the game ID at the end is the game link.
Usually the one in address bar.
The one that is being shared above, with the word join in the URL is the join link.
stiff egret
@tall cove
tall cove
Hah! I was too slow
stiff egret
(2 monitors and I am on my 4th coffee for tonight)
eternal aurora
ty for game β€οΈ
topaz kayak
@lilac basin thanks for the koth, that was my first time and I had no idea what to expect. More work to be done!!!
sour vectorBOT
Gave +1 Rep to @lilac basin
inner flame
Since there can be multiple KOTH games happening at the same time, does everyone hop on the same KOTH voice channel?
nova tide
Since there can be multiple KOTH games happening at the same time, does everyone...
There are many people now days who are playing together and join vc regularly. and some prefer not to join. its all their preferences.
slim lake
wind fjord
found every flag but still don't know how to use busybox correctly ;-;
Literally just found the link to all of the busybox binaries 
wp @lilac basin
cyan prairie
Hi
fair adder
ahaa
cyan prairie
Yow
cyan prairie
Nicee
cyan prairie
Noice
fair adder
get you machines ready π π₯³
nova tide
https://tryhackme.com/games/koth/26461
You need to share the invitation link, this is the spectator link
cyan prairie
Ah dang,
fair adder
how do I use attackbox there isnt any option
cyan prairie
Only intermediate players can join
fair adder
Only intermediate players can join
change this in settings
cyan prairie
ok2
fair adder
go to profile and click about you
and scroll down
1 minute 3 seconds and my attackbox is starting
cyan prairie
Okay I'm in
fair adder
1 minute 3 seconds and my attackbox is starting
18 secs for me ?
your time is faster lol
cyan prairie
It's starting soon
fair adder
yeah i found richard as the username
cyan prairie
nice
fair adder
without using gobuster or nothing lol
cyan prairie
nice2
fair adder
there's a funny youtube video on this challenge lmao
got one flag
fuck
next time ill come with kali in vm
attackbox is slow
fair adder
i'm literally installing all the tools again since i had to restart my machines a few days ago
cyan prairie
And I found something strange
not sure if these are false positives
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: 12345
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: 123456
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: dutchess
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: password
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: 123456789
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: iloveyou
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: 1234567
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: abc123
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: princess
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: rockyou
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: nicole
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: babygirl
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: daniel
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: 12345678
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: lovely
[80][http-post-form] host: 10.10.160.164 login: gcrawford password: monkey
Haha
fair adder
i gtg
cyan prairie
Where you going?
fair adder
to my mom`s room
cyan prairie
Still play koth?
fair adder
ill play in some time
cyan prairie
Ok
fair adder
super freaking slow lol
cyan prairie
Haha
fair adder
not sure if these are false positives
how did you find this?
marsh sierra
Anyone up?
marsh sierra
Who is playing https://tryhackme.com/games/koth/26467 with me?
agile pendant
kex_exchange_identification: Connection closed by remote host
stuck here dont know what to do
stiff egret
Reconnect.
stiff egret
No, the ssh.
stiff egret
kex_exchange_identification: Connection closed by remote host
this is likely because of the bruteforcing that's on going on the machine.
agile pendant
http and ssh both running on port 22 :
stiff egret
Which machine?
agile pendant
hogwarts
stiff egret
OH, that, uh. is intended.
agile pendant
:0
stiff egret
-p-
lyric lotus
flint zephyr
Hi
Question about koth
In rule 8 it says we cannot change execute permissions of system binaries
Does this also mean we cannot remove setuid permissions?
wind fjord
Hi
Question about koth
In rule 8 it says we cannot change execute permissions of...
Pretty sure that rule is mostly to prevent people from just doing something like chmod 700 /usr/bin as root, because this would mean absolutely no one can use the system except for root, which is wrong
If something has suid perms that creates a way to get to root, you can and should change that
stiff egret
Hi
Question about koth
In rule 8 it says we cannot change execute permissions of...
Yes, there is a fine difference between patching and destroying the machine.
flint zephyr
Pretty sure that rule is mostly to prevent people from just doing something like...
Thanks
sour vectorBOT
Gave +1 Rep to @wind fjord
sweet willow
it was quite interesting for me first time this kind of game. Totally incompetent in many areas, but windows in particular, I am curios if it was @hasty cradle who killed my shells π
solid meadow
it was quite interesting for me first time this kind of game. Totally incompeten...
Always upload more than 1 shell
hidden lark
Anyone up for match?!
fair adder
no
stable horizon
Man H1 is dumb
stiff egret
Man specify which h1
stable horizon
Hard.
stiff egret
H1 hard is anything but dumb
nova tide
H1 hard is anything but dumb
adam wants to know your location
brazen cloud
π
sonic belfry
Just delete your IP address and all is fine. π
weary axle
Just delete your IP address and all is fine. π
shutdown ur pc forever 
fair adder
I cant get last flag from space jam room
Can anyone give me hint how to get flag from king.txt?
quiet schooner
You don't get a flag from that file
nova tide
I cant get last flag from space jam room
Can anyone give me hint how to get fla...
If you are playing first time it's good to read the rules and also the blog post. King file is the file that gives +10 points every minute to the person who have their name in the file.
!docs koth
pearl gladeBOT
TryHackMe
fair adder
If you are playing first time it's good to read the rules and also the blog post...
Okay thanks
sour vectorBOT
Gave +1 Rep to @nova tide
winged charm
@deep crag just ping @nova tide or @stiff egret here
deep crag
i got footage of a guy in koth sending me in a loop f israel
nova tide
can i dm you?
deep crag
can i dm you?
absolutely
stiff egret
@delicate moon Please avoid spoilers.
delicate moon
Oh sorry just saw no one got on
stiff egret
goddamn hilarious
gusty cradle
eternal aurora
Does anyone want to go to the KOTH?
wind fjord
eternal aurora
hollow narwhal
I patched absolutely nothing
how to leave
wind fjord
you can't leave a koth game once it's started
hollow narwhal
you can't leave a koth game once it's started
oo
hollow narwhal
you can't leave a koth game once it's started
it's mistake
opal dove
you can't leave a koth game once it's started
you can't?
wind fjord
As far as I know, there is no way to fully remove your account from a game while it is active. You can always close the tab and just not play, but the "Leave Game" button that shows up under options before the game starts is not there after the IP shows up.
opal dove
I wonder if that's an unintentional design flaw, and that you could still leave using the API, or it's deliberate
stiff egret
I wonder if that's an unintentional design flaw, and that you could still leave ...
You cannot, the API doesn't work after the game starts.
opal dove
damn, so it's intentional :(
stiff egret
koth be a commitment lol
brazen cloud
It's mostly for logging and things like that (:
We need to know who was where and when - doing what, etc
terse mortar
mv vm decided the crash the moment I found an vulnerability
split quiver
mv vm decided the crash the moment I found an vulnerability <:pepehands:65806790...
xd
sour gale
Hello, how long does it takes to get the badge after you won a KOTH?
stiff egret
It should be immediate. I am really not very aware of that timing. DW you will get a badge. The max time it can take is 24 hrs.
sour gale
okay thx cuz i won yesterday night so it's still less than 24 hours
stiff egret
:) Feel free to ping here tomorrow if you don't get one by then :)
fair adder
anyone up?
stiff egret
Depends :)
stiff egret
For a KoTH match? Probably no
For some Tip regarding KoTH? Yes
For some doubt regarding KoTH? Yes
Hence, depends
fair adder
koth match
stiff egret
guess I answered it π
fair adder
I see
sour gale
np
sour gale
i'm in
sour gale
refresh
sour gale
yep
fair adder
not bad for a koth setup is it?
fair adder
i never played koth how can i ? should i polish my skills before playing?
eternal aurora
lessssssssssssss go https://tryhackme.com/games/koth/join/00efc9c69fea7a0e95d822a5
honest oxide
Anyone up for a KoTH?
stiff egret
i never played koth how can i ? should i polish my skills before playing?
If you can solve easy/medium boxes on tryhackme, you can hack your way in KoTH, although to maintain persistence, you might wanna give some resources a look.
There are some in the pinned chats/
fair adder
If you can solve easy/medium boxes on tryhackme, you can hack your way in KoTH, ...
ohh that will be fun thanksπ
true hollow
anyone want to join a KoTH mainly to help me on gettin started?
rocky cypress
anyone want to do some KOTH
quasi remnant
@dense rivet here
median plinth
true tartan
anyone want to do some KOTH
I'll do koth when I'll be able to do koth βοΈ
strong cape
Does anyone know how to figure out topSecretPrivescMethod on H1 easy?
terse willow
Does anyone know how to figure out topSecretPrivescMethod on H1 easy?
That's my backdoor to get into the box for modifications π€·ββοΈ
Good luck figuring it out -- it's not possible
strong cape
Ohhhh haha thanks!
full belfry
Anyone ready for the play?
full belfry
Hello guys. Anyone ready to play KOTH
stiff egret
All the best!
full belfry
will get into it today
Did you started?
full belfry
Please dm me @primal scaffold , so that I will be notified
primal scaffold
Please dm me <@!721724080864100383> , so that I will be notified
I am sorry I cant rn , ill start on 7pm gmt +3
full belfry
I am sorry I cant rn , ill start on 7pm gmt +3
Oh.. it will be night for me bro. Then we will plan some other time
full belfry
https://tryhackme.com/games/koth/join/fcb115a080d17aff90594c6a
Which box?
Linux or Windows?
full belfry
Oh... Random
Ok I will join. But if windows I can't do, because I don't know exploitation of Windows machine
split quiver
same bruh
split quiver
All the best to you too
full belfry
Who created this? Either you or someone else?
split quiver
the guy with username PKVIRUS
full belfry
If he is a subscriber I guess he know what machine is this
split quiver
If he is a subscriber I guess he know what machine is this
yup, i think he knows
full belfry
Yes
split quiver
btw i'm already in a match
full belfry
In the last one minute the name will be revealed so that we can decide to stay or leave
full belfry
btw i'm already in a match
Oh.. nice
full belfry
You are far away from the remaining bro, so I guess you will be winner
So you can start new match no issues
split quiver
So you can start new match no issues
then ok
full belfry
Thank you. Wish you the same π
split quiver
never played this machine before
full belfry
me too
full belfry
you got the flag :0
split quiver
yes i'm in the box now
split quiver
check port 8888
full belfry
Thanks for the hint
full belfry
check port 8888
Anything useful?
split quiver
check port 8888
this one will give you footholt
split quiver
this one will give you footholt
edit: foothold
full belfry
not the endpoint apps is showing not found
full belfry
It's not correct to chat here, shall I dm you
split quiver
π
mint ingot
It's not correct to chat here, shall I dm you
As far as there are no spoilers u can talk here and #koth-voice-chat
sly lantern
What do yall think "Luck is a parameter for everything, command it" means?
π
Totally not trying to get help for a specific machine
wind fjord
Totally not trying to get help for a specific machine
It's the parameter that goes in the url to take your input
sly lantern
Ohhhh like in the URL
I was tryna put it through burpsuit
burpsuite
There's only 10m left and literally no one has gotten into this machine yet
wind fjord
There's only 10m left and literally no one has gotten into this machine yet
Fortune is a funny machine
sly lantern
Was I supposed to be able to run actual linux commands through the luck parameter?
That machine is so confusing
wind fjord
There's a lot of RNG built into it if that's the route you wanted to try
I think the luck parameter is a 1 in 3 to work, the page on port 80 has a 1 in 65535 chance to give you a shell, etc
terse willow
1 in 20, actually
The luck parameter is either 1 in 8, or 1 in 12
Can't remember what I set that one to
Port 80 is definitely 1 in 20 though
wind fjord
It's been a while since I went through the box. I just assumed port 80 was like a roulette of every single port.
terse willow
Nah, you tell it what port you want a shell on
wind fjord
Although I'm pretty sure when I looked at the php for the luck parameter it was a 1 in 3, but I can believe 1 in 8
I think 1 in 65535 would be really funny though
terse willow
Oh, different page
Yeah, that's a much better chance, if and when it decides to stop insulting you
1 in 65535 would be hilarious, but I wasn't allowed to go nuts on it
terse willow
It is called Fortune